[ClusterLabs] Fix for CVE-2022-30123 and CVE-2019-11358

Reid Wahl nwahl at redhat.com
Fri Jan 20 05:23:28 EST 2023


On Fri, Jan 20, 2023 at 2:19 AM A Gunasekar <a.gunasekar at ericsson.com>
wrote:

> Hi Wahl.
>
>
>
> The solution Tomas  as suggested is from Redhat delivered rpm packages “
> *pcs-0.9.169-3.el7_9.3*”.
>
>
>
> But we are using Cluster Lab  delivered rpm packages in our node.
>
>
>
> So it would be good if we get fixed deliverables from Cluster Lab
> delivered rpms.
>

+ users list

Please include the mailing list on emails


>
>
>
>
>
>
> [image: Ericsson] <http://www.ericsson.com/>
>
> *Gunasekar A *
>
> Senior Software Engineer
>
> BDGS SA BSS PDU BSS PDG EC CH NGCRS
>
> Mobile: +919894561292
>
> Email ID: a.gunasekar at ericsson.com
>
>
>
>
>
>
>
>
>
> *From:* A Gunasekar
> *Sent:* 20 January 2023 15:12
> *To:* Reid Wahl <nwahl at redhat.com>
> *Cc:* M Vasanthakumar <m.vasanthakumar at ericsson.com>; S Sathish S <
> s.s.sathish at ericsson.com>
> *Subject:* RE: [ClusterLabs] Fix for CVE-2022-30123 and CVE-2019-11358
>
>
>
> Thanks Wahl for this information
>
>
>
>
>
>
>
> *From:* Reid Wahl <nwahl at redhat.com>
> *Sent:* 20 January 2023 11:57
> *To:* A Gunasekar <a.gunasekar at ericsson.com>
> *Cc:* M Vasanthakumar <m.vasanthakumar at ericsson.com>; S Sathish S <
> s.s.sathish at ericsson.com>
> *Subject:* Re: [ClusterLabs] Fix for CVE-2022-30123 and CVE-2019-11358
>
>
>
>
>
>
>
> On Thu, Jan 19, 2023 at 9:19 PM A Gunasekar <a.gunasekar at ericsson.com>
> wrote:
>
> Hi Wahl,
>
>
>
> Tomas update was not visible to us  and Thanks for sharing it here.
>
> https://lists.clusterlabs.org/pipermail/users/2022-December/030734.html
> <https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-ccdbf0db8445bdb4&q=1&e=a7a59750-e061-4298-8714-ebe38fc95520&u=https%3A%2F%2Flists.clusterlabs.org%2Fpipermail%2Fusers%2F2022-December%2F030734.html>
>
>
>
> You're welcome. Unfortunately, the threads are separated by month. So if a
> reply is sent in a different month, it doesn't appear in the original
> thread. You sent your original email in December, and Tomas replied in
> January. See the following links:
>
> https://lists.clusterlabs.org/pipermail/users/2023-January/thread.html
> <https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-8bc25f8cc580c14b&q=1&e=a7a59750-e061-4298-8714-ebe38fc95520&u=https%3A%2F%2Flists.clusterlabs.org%2Fpipermail%2Fusers%2F2023-January%2Fthread.html>
>
> https://lists.clusterlabs.org/pipermail/users/2023-January/030750.html
> <https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-da3abaa3680ed01a&q=1&e=a7a59750-e061-4298-8714-ebe38fc95520&u=https%3A%2F%2Flists.clusterlabs.org%2Fpipermail%2Fusers%2F2023-January%2F030750.html>
>
>
>
>
>
>
>
> [image: Ericsson] <http://www.ericsson.com/>
>
> *Gunasekar A *
>
> Senior Software Engineer
>
> BDGS SA BSS PDU BSS PDG EC CH NGCRS
>
> Mobile: +919894561292
>
> Email ID: a.gunasekar at ericsson.com
>
> *From:* Reid Wahl <nwahl at redhat.com>
> *Sent:* 20 January 2023 03:07
> *To:* Cluster Labs - All topics related to open-source clustering
> welcomed <users at clusterlabs.org>
> *Cc:* A Gunasekar <a.gunasekar at ericsson.com>; M Vasanthakumar <
> m.vasanthakumar at ericsson.com>; S Sathish S <s.s.sathish at ericsson.com>
> *Subject:* Re: [ClusterLabs] Fix for CVE-2022-30123 and CVE-2019-11358
>
>
>
>
>
>
>
> On Thu, Jan 19, 2023 at 12:54 PM A Gunasekar via Users <
> users at clusterlabs.org> wrote:
>
> Hi Team,
>
>
>
> Can we get some update on this.
>
>
>
> Hi,
>
>
>
> What update are you seeking? It looks like Tomas already answered your
> question. I'll paste his answer again here.
>
>
>
> > Hi A Gunasekar,
> >
> > As far as I can see, updated pcs packages pcs-0.9.169-3.el7_9.3 which
> > fix the mentioned CVEs were released on 2022-11-02.
> >
> > Regards,
> > Tomas
>
>
>
>
>
>
>
> [image: Ericsson] <http://www.ericsson.com/>
>
> *Gunasekar A *
>
> Senior Software Engineer
>
> BDGS SA BSS PDU BSS PDG EC CH NGCRS
>
> Mobile: +919894561292
>
> Email ID: a.gunasekar at ericsson.com
>
> *From:* A Gunasekar
> *Sent:* 21 December 2022 18:59
> *To:* users at clusterlabs.org
> *Cc:* S Sathish S <s.s.sathish at ericsson.com>; M Vasanthakumar <
> m.vasanthakumar at ericsson.com>
> *Subject:* Fix for CVE-2022-30123 and CVE-2019-11358
>
>
>
> Hi Team,
>
>
>
> Please be informed, we have got notified from our security tool that our
> pcs version 0.9 is affected by the *CVE-2022-30123 and CVE-2019-11358*.
>
> It would be great if we help to get answers for the below queries.
>
>
>
>    - We are currently in RHEL 7.9 OS and using pcs 0.9 version, Is there
>    any fix planned/available for this affection version (0.9.x) of pcs ?
>    - Let us know in which release this CVEs fix are planned ?
>
>
>
> *Our system Details:-*
>
> OS Version: RHEL 7.9
>
> Cluster lab PCS  version: 0.9
>
>
>
>
>
> [image: Ericsson] <http://www.ericsson.com/>
>
> *Gunasekar A *
>
> Senior Software Engineer
>
> BDGS SA BSS PDU BSS PDG EC CH NGCRS
>
> Mobile: +919894561292
>
> Email ID: a.gunasekar at ericsson.com
>
>
>
>
>
> _______________________________________________
> Manage your subscription:
> https://lists.clusterlabs.org/mailman/listinfo/users
> <https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-d41b18997a64a81a&q=1&e=59a6df80-228c-4bfb-a417-9820eb29ea91&u=https%3A%2F%2Flists.clusterlabs.org%2Fmailman%2Flistinfo%2Fusers>
>
> ClusterLabs home: https://www.clusterlabs.org/
> <https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-b3537e65a3f1def4&q=1&e=59a6df80-228c-4bfb-a417-9820eb29ea91&u=https%3A%2F%2Fwww.clusterlabs.org%2F>
>
>
>
> --
>
> Regards,
>
> Reid Wahl (He/Him)
>
> Senior Software Engineer, Red Hat
>
> RHEL High Availability - Pacemaker
>
>
>
> --
>
> Regards,
>
> Reid Wahl (He/Him)
>
> Senior Software Engineer, Red Hat
>
> RHEL High Availability - Pacemaker
>


-- 
Regards,

Reid Wahl (He/Him)
Senior Software Engineer, Red Hat
RHEL High Availability - Pacemaker
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/users/attachments/20230120/dccc3c17/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 320 bytes
Desc: not available
URL: <https://lists.clusterlabs.org/pipermail/users/attachments/20230120/dccc3c17/attachment-0001.png>


More information about the Users mailing list