[ClusterLabs] Fix for CVE-2024-25126, CVE-2024-26141 and CVE-2024-26146

Michal Pospíšil (he / him) mpospisi at redhat.com
Tue Aug 6 16:32:17 UTC 2024


Hello Gunasekar,

The mentioned vulnerabilities do not directly affect pcs. Therefore, there
are no upstream pcs fixes. Downstream, in RHEL, pcs ships with some bundled
components. All 3 of these vulnerabilities affect one of those components -
rubygem Rack (https://rubygems.org/gems/rack). All of them were already
fixed, see the following links:
https://access.redhat.com/security/cve/CVE-2024-25126
https://access.redhat.com/security/cve/CVE-2024-26141
https://access.redhat.com/security/cve/CVE-2024-26146

If you have further inquiries about RHEL, I suggest contacting Red Hat
support, which is better equipped to help you than upstream community
members.


Regards,
Michal

On Tue, Aug 6, 2024 at 5:28 PM A Gunasekar via Users <users at clusterlabs.org>
wrote:

> Hi Team,
>
> Please be informed that we have been notified by our security tool that our
> pcs version 0.10 is affected by *CVE-2024-25126, CVE-2024-26141 and
> CVE-2024-26146*.
>
> It would be great if we could get help with answers to the queries below.
>
> We are currently on RHEL 8.4 and using pcs version 0.10. Is there any
> fix planned/available for this affected version (0.10.x) of pcs?
>
>    - Let us know in which release these CVE fixes are planned.
>
> *Our system details:*
>
> OS Version: RHEL 8.4
> Name        : pcs
> Version     : 0.10.16
> Release     : 1.el8
> Architecture: x86_64
>
> *Gunasekar A *
>
> Senior Software Analyst
>
> BDGS SA BSS PDU BSS PDG EC CH NGCRS
>
> Mobile: +919894561292
>
> Email ID: a.gunasekar at ericsson.com
>


-- 

MICHAL POSPÍŠIL
He / Him / His

Software Engineer

RHEL HA Cluster - PCS

Red Hat Czech, s.r.o. <https://www.redhat.com>
Purkyňova 665/115, 612 00 Brno