====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: pcs security, bug fix, and enhancement update
Advisory ID:       RHSA-2022:7935-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7935
Issue date:        2022-11-15
CVE Names:         CVE-2022-1049
====================================================================

1. Summary:

An update for pcs is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Resilient Storage (v. 9) - ppc64le, s390x, x86_64

3. Description:

The pcs packages provide a command-line configuration system for the
Pacemaker and Corosync utilities.

Security Fix(es):

* pcs: improper authentication via PAM (CVE-2022-1049)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 9.1 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1301204 - Some stonith resource changes require "pcs resource"
2024522 - [RFE] Provide a way to add a scsi **mpath** fencing device to a cluster without requiring a restart of all cluster resources
2026725 - booth: pcs should check that '/etc/booth' exists
2029844 - [WebUI] Overhaul "Add existing cluster" wizard
2039884 - [WebUI][RFE] support SBD management
2053177 - booth: pcs should validate ticket names
2054671 - [RFE] Generate UUID for each cluster
2058243 - pcs booth ticket add does not recognize mode option
2058246 - Prevent fence_sbd in combination with stonith-watchdog-timeout>0
2058247 - [RFE] Provide easier management of constraints created by pcs move command
2058251 - [RFE] Provide method to export commands to create all resources
2058252 - [RFE] Provide method to export commands to create all fence devices
2059122 - Hiding Server Name HTTP header from TornadoServer(used in pcs/pcsd)
2059142 - [WebUI][RFE] Allow to change position of resource inside group
2059145 - [WebUI] Loading cluster status (or cluster list) does not start automatically immediately after logout and login
2059148 - [WebUI][RFE] add support for modification of utilization attributes in nodes and resources
2059149 - [WebUI][RFE] add support to add/remove resource meta attribute
2059177 - [WebUI] Wrong label for full permissions
2059501 - pcs rebase bz for 9.1
2064818 - man pcs suggests using 'stickiness' instead of 'resource-stickiness' in 'pcs resource meta'
2066629 - CVE-2022-1049 pcs: improper authentication via PAM
2076585 - [WebUI][RFE] add support to add/remove node attribute
2095695 - Cannot remove a quorum device
2097778 - Pcs WebUI - CSP headers do not restrict script source
2102663 - 'pcs resource restart' fails with a traceback

6. Package List:

Red Hat Enterprise Linux High Availability (v. 9):

Source:
pcs-0.11.3-4.el9.src.rpm

aarch64:
pcs-0.11.3-4.el9.aarch64.rpm
pcs-snmp-0.11.3-4.el9.aarch64.rpm

ppc64le:
pcs-0.11.3-4.el9.ppc64le.rpm
pcs-snmp-0.11.3-4.el9.ppc64le.rpm

s390x:
pcs-0.11.3-4.el9.s390x.rpm
pcs-snmp-0.11.3-4.el9.s390x.rpm

x86_64:
pcs-0.11.3-4.el9.x86_64.rpm
pcs-snmp-0.11.3-4.el9.x86_64.rpm

Red Hat Enterprise Linux Resilient Storage (v. 9):

Source:
pcs-0.11.3-4.el9.src.rpm

ppc64le:
pcs-0.11.3-4.el9.ppc64le.rpm
pcs-snmp-0.11.3-4.el9.ppc64le.rpm

s390x:
pcs-0.11.3-4.el9.s390x.rpm
pcs-snmp-0.11.3-4.el9.s390x.rpm

x86_64:
pcs-0.11.3-4.el9.x86_64.rpm
pcs-snmp-0.11.3-4.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1049
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
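
Added example (not part of Red Hat's advisory): a Python check that compares an installed package string, in the form printed by "rpm -q pcs pcs-snmp", against the fixed build pcs-0.11.3-4.el9 from the package list in section 6. The ordering is a simplified version of RPM's version comparison (no "~" or "^" handling), and the function names and sample inputs are constructed for illustration.

```python
import re

# Fixed build from the advisory's package list: pcs-0.11.3-4.el9 (epoch 0).
FIXED_EVR = (0, "0.11.3", "4.el9")
COVERED_NAMES = {"pcs", "pcs-snmp"}
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Simplified RPM ordering: -1, 0 or 1. Does not handle '~' or '^'."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():      # numeric segment beats alphabetic
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)           # numeric compare, so 10 > 3
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def parse_nevra(text):
    """Split 'name-[epoch:]version-release.arch' as printed by rpm -q."""
    nvr, arch = text.strip().rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    epoch, _, version = version.rpartition(":")
    return name, int(epoch or 0), version, release, arch


def has_fix(nevra):
    """True/False for RHEL 9 pcs builds; None if this advisory does not apply."""
    name, epoch, version, release, _ = parse_nevra(nevra)
    if name not in COVERED_NAMES or not re.search(r"\.el9(?![0-9])", release):
        return None
    if epoch != FIXED_EVR[0]:
        return epoch > FIXED_EVR[0]
    order = rpmvercmp(version, FIXED_EVR[1]) or rpmvercmp(release, FIXED_EVR[2])
    return order >= 0


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    for sample in ("pcs-0.11.1-10.el9.x86_64", "pcs-0.11.3-4.el9.x86_64",
                   "pcs-snmp-0.11.3-4.el9_1.1.aarch64", "pcs-0.10.12-6.el8.x86_64"):
        print(sample, "->", has_fix(sample))
```

Builds for other RHEL releases return None because the package list in this advisory covers only el9 packages.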