[ClusterLabs] Fix for CVE-2024-41123, CVE-2024-41946, CVE-2024-43398
Tomas Jelinek
tojeline at redhat.com
Mon Oct 21 15:19:00 UTC 2024
Hi,
The listed CVEs describe vulnerabilities in the REXML library. Pcs source
code is not affected. Therefore, no fix is available / planned in pcs
source code to address these.
However, if you are using rexml packages or pcs packages which contain a
copy of REXML, I suggest keeping them upgraded to the latest available
version.
Regards,
Tomas
On 13. 10. 24 at 6:40, NS Lokesh via Users wrote:
> Hi Team,
>
> Please be informed, we have been notified by our security tool that our
> pcs version 0.10 is affected by
> *CVE-2024-41123, CVE-2024-41946, CVE-2024-43398*
>
> It would be great if we could get help with answers to the below queries.
>
> 1. Is ClusterLabs pcs affected by the above-mentioned CVEs?
> 2. Is there any fix planned/available for this affected version
> (0.10.x) of pcs?
> 3. Let us know in which release the fixes for these CVEs are planned.
>
> We are currently on RHEL 8.6 OS and using pcs version 0.10.
>
> *Our system details:*
>
> OS Version: RHEL 8.6
> Name: pcs
> Version: 0.10.16
> Release: 1.el8
> Architecture: x86_64
>
> Regards,
>
> Lokesh NS