[ClusterLabs] Fix for CVE-2022-30123 and CVE-2019-11358

Reid Wahl nwahl at redhat.com
Thu Jan 19 16:37:07 EST 2023 

On Thu, Jan 19, 2023 at 12:54 PM A Gunasekar via Users <
users at clusterlabs.org> wrote:

> Hi Team,
>
>
>
> Can we get some update on this.
>

Hi,

What update are you seeking? It looks like Tomas already answered your
question. I'll paste his answer again here.

> Hi A Gunasekar,
>
> As far as I can see, updated pcs packages pcs-0.9.169-3.el7_9.3 which
> fix the mentioned CVEs were released on 2022-11-02.
>
> Regards,
> Tomas


>
>
>
>
> [image: Ericsson] <http://www.ericsson.com/>
>
> *Gunasekar A *
>
> Senior Software Engineer
>
> BDGS SA BSS PDU BSS PDG EC CH NGCRS
>
> Mobile: +919894561292
>
> Email ID: a.gunasekar at ericsson.com
>
> *From:* A Gunasekar
> *Sent:* 21 December 2022 18:59
> *To:* users at clusterlabs.org
> *Cc:* S Sathish S <s.s.sathish at ericsson.com>; M Vasanthakumar <
> m.vasanthakumar at ericsson.com>
> *Subject:* Fix for CVE-2022-30123 and CVE-2019-11358
>
>
>
> Hi Team,
>
>
>
> Please be informed, we have got notified from our security tool that our
> pcs version 0.9 is affected by the *CVE-2022-30123 and CVE-2019-11358*.
>
> It would be great if we help to get answers for the below queries.
>
>
>
>    - We are currently in RHEL 7.9 OS and using pcs 0.9 version, Is there
>    any fix planned/available for this affection version (0.9.x) of pcs ?
>    - Let us know in which release this CVEs fix are planned ?
>
>
>
> *Our system Details:-*
>
> OS Version: RHEL 7.9
>
> Cluster lab PCS  version: 0.9
>
>
>
>
>
> [image: Ericsson] <http://www.ericsson.com/>
>
> *Gunasekar A *
>
> Senior Software Engineer
>
> BDGS SA BSS PDU BSS PDG EC CH NGCRS
>
> Mobile: +919894561292
>
> Email ID: a.gunasekar at ericsson.com
>
>
>
>
> _______________________________________________
> Manage your subscription:
> https://lists.clusterlabs.org/mailman/listinfo/users
>
> ClusterLabs home: https://www.clusterlabs.org/
>


-- 
Regards,

Reid Wahl (He/Him)
Senior Software Engineer, Red Hat
RHEL High Availability - Pacemaker
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/users/attachments/20230119/1dfa27b4/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 320 bytes
Desc: not available
URL: <https://lists.clusterlabs.org/pipermail/users/attachments/20230119/1dfa27b4/attachment-0001.png>

More information about the Users mailing list