[ClusterLabs] Fix for CVE-2022-30123 and CVE-2019-11358

Tomas Jelinek tojeline at redhat.com
Mon Jan 23 04:55:51 EST 2023


Hi A Gunasekar,

The pcs-0.9 branch is unsupported and no longer maintained since 
2021-04-16. There will be no further releases and commits in that 
branch. Pcs-0.9 only works with Pacemaker 1.x and Corosync 2.x and those 
have been unsupported for quite some time as well.

I recommend updating your cluster stack to newer versions.

Regards,
Tomas


On 20. 01. 23 at 11:23, Reid Wahl wrote:
> 
> 
> On Fri, Jan 20, 2023 at 2:19 AM A Gunasekar <a.gunasekar at ericsson.com> wrote:
> 
>     Hi Wahl.
> 
>     The solution Tomas has suggested is from Redhat delivered rpm
>     packages "pcs-0.9.169-3.el7_9.3".
> 
>     But we are using Cluster Lab delivered rpm packages in our node.
> 
>     So it would be good if we get fixed deliverables from Cluster Lab
>     delivered rpms.
> 
> 
> + users list
> 
> Please include the mailing list on emails
> 
>     Ericsson <http://www.ericsson.com/>
>     Gunasekar A
>     Senior Software Engineer
>     BDGS SA BSS PDU BSS PDG EC CH NGCRS
>     Mobile: +919894561292
>     Email ID: a.gunasekar at ericsson.com
> 
>     From: A Gunasekar
>     Sent: 20 January 2023 15:12
>     To: Reid Wahl <nwahl at redhat.com>
>     Cc: M Vasanthakumar <m.vasanthakumar at ericsson.com>; S Sathish S
>     <s.s.sathish at ericsson.com>
>     Subject: RE: [ClusterLabs] Fix for CVE-2022-30123 and CVE-2019-11358
> 
>     Thanks Wahl for this information
> 
>     From: Reid Wahl <nwahl at redhat.com>
>     Sent: 20 January 2023 11:57
>     To: A Gunasekar <a.gunasekar at ericsson.com>
>     Cc: M Vasanthakumar <m.vasanthakumar at ericsson.com>; S Sathish S
>     <s.s.sathish at ericsson.com>
>     Subject: Re: [ClusterLabs] Fix for CVE-2022-30123 and CVE-2019-11358
> 
>     On Thu, Jan 19, 2023 at 9:19 PM A Gunasekar
>     <a.gunasekar at ericsson.com> wrote:
> 
>         Hi Wahl,
> 
>         Tomas's update was not visible to us, and thanks for sharing it
>         here.
> 
>         https://lists.clusterlabs.org/pipermail/users/2022-December/030734.html
> 
>     You're welcome. Unfortunately, the threads are separated by month.
>     So if a reply is sent in a different month, it doesn't appear in the
>     original thread. You sent your original email in December, and Tomas
>     replied in January. See the following links:
> 
>     https://lists.clusterlabs.org/pipermail/users/2023-January/thread.html
> 
>     https://lists.clusterlabs.org/pipermail/users/2023-January/030750.html
> 
> 
>         From: Reid Wahl <nwahl at redhat.com>
>         Sent: 20 January 2023 03:07
>         To: Cluster Labs - All topics related to open-source
>         clustering welcomed <users at clusterlabs.org>
>         Cc: A Gunasekar <a.gunasekar at ericsson.com>; M Vasanthakumar
>         <m.vasanthakumar at ericsson.com>; S Sathish S
>         <s.s.sathish at ericsson.com>
>         Subject: Re: [ClusterLabs] Fix for CVE-2022-30123 and CVE-2019-11358
> 
>         On Thu, Jan 19, 2023 at 12:54 PM A Gunasekar via Users
>         <users at clusterlabs.org> wrote:
> 
>             Hi Team,
> 
>             Can we get some update on this.
> 
>         Hi,
> 
>         What update are you seeking? It looks like Tomas already
>         answered your question. I'll paste his answer again here.
> 
>          > Hi A Gunasekar,
>          >
>          > As far as I can see, updated pcs packages pcs-0.9.169-3.el7_9.3 which
>          > fix the mentioned CVEs were released on 2022-11-02.
>          >
>          > Regards,
>          > Tomas
> 
> 
>             From: A Gunasekar
>             Sent: 21 December 2022 18:59
>             To: users at clusterlabs.org
>             Cc: S Sathish S <s.s.sathish at ericsson.com>; M Vasanthakumar
>             <m.vasanthakumar at ericsson.com>
>             Subject: Fix for CVE-2022-30123 and CVE-2019-11358
> 
>             Hi Team,
> 
>             Please be informed, we have been notified by our security
>             tool that our pcs version 0.9 is affected by
>             CVE-2022-30123 and CVE-2019-11358.
> 
>             It would be great if you could help us get answers to the
>             below queries.
> 
>               * We are currently on RHEL 7.9 OS and using pcs 0.9
>                 version. Is there any fix planned/available for this
>                 affected version (0.9.x) of pcs?
>               * Let us know in which release these CVE fixes are planned.
> 
>             Our system details:
> 
>             OS Version: RHEL 7.9
> 
>             Cluster lab PCS version: 0.9
> 
> 
>             _______________________________________________
>             Manage your subscription:
>             https://lists.clusterlabs.org/mailman/listinfo/users
> 
>             ClusterLabs home: https://www.clusterlabs.org/
> 
>         --
>         Regards,
> 
>         Reid Wahl (He/Him)
>         Senior Software Engineer, Red Hat
>         RHEL High Availability - Pacemaker
> 
> 
> 


