<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:"Ericsson Hilda";
        panose-1:0 0 5 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;
        mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:0cm;
        margin-left:36.0pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;
        mso-fareast-language:EN-US;}
span.EmailStyle19
        {mso-style-type:personal-compose;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:1421024474;
        mso-list-type:hybrid;
        mso-list-template-ids:1083500630 1074331649 1074331651 1074331653 1074331649 1074331651 1074331653 1074331649 1074331651 1074331653;}
@list l0:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l0:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l0:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l0:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l0:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l0:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l0:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l0:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l0:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l1
        {mso-list-id:1789742920;
        mso-list-template-ids:-1714108236;}
@list l1:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:36.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l1:level2
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:72.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l1:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:108.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l1:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:144.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l1:level5
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:180.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l1:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:216.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l1:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:252.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l1:level8
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:288.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l1:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:324.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
ol
        {margin-bottom:0cm;}
ul
        {margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-IN" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Hi Team,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Please be informed that our security tool has notified us that our pcs version 0.9 is affected by
<b>CVE-2022-2735</b>. <o:p></o:p></p>
<p class="MsoNormal">It would be great if you could help us get answers to the queries below.<o:p></o:p></p>
<p class="MsoNormal"><b><o:p> </o:p></b></p>
<ul style="margin-top:0cm" type="disc">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo3">We are currently on RHEL 7.9 and using pcs version 0.9. Is there any fix planned or available for this affected version (0.9.x) of pcs?<b><o:p></o:p></b></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo3">On the ClusterLabs portal, we can see that even the released pcs 0.10.x or main-branch 0.11.x versions do not have a fix for this CVE; the changelog quoted below lists it only under [Unreleased]. Kindly let us know in which release the fix for this CVE
 is planned.<b><o:p></o:p></b></li></ul>
<p class="MsoNormal"><b><o:p> </o:p></b></p>
<p class="MsoNormal"><b><a href="https://github.com/ClusterLabs/pcs/blob/main/CHANGELOG.md">https://github.com/ClusterLabs/pcs/blob/main/CHANGELOG.md</a><o:p></o:p></b></p>
<p class="MsoNormal"><i>Change Log<o:p></o:p></i></p>
<p class="MsoNormal"><i>[<span style="background:yellow;mso-highlight:yellow">Unreleased</span>]<o:p></o:p></i></p>
<p class="MsoNormal"><i>Security<o:p></o:p></i></p>
<p class="MsoNormal"><b><i>CVE-2022-2735 </i></b><i>pcs: obtaining an authentication token for hacluster user could lead to privilege escalation (rhbz#2116841)<o:p></o:p></i></p>
<p class="MsoNormal"><b><o:p> </o:p></b></p>
<p class="MsoNormal"><b><o:p> </o:p></b></p>
<p class="MsoNormal"><b><o:p> </o:p></b></p>
<p class="MsoNormal"><b>Our system details:<o:p></o:p></b></p>
<p class="MsoNormal">OS version: RHEL 7.9<o:p></o:p></p>
<p class="MsoNormal">ClusterLabs pcs version: 0.9<o:p></o:p></p>
<p class="MsoNormal"><b><o:p> </o:p></b></p>
<p class="MsoNormal"><b><o:p> </o:p></b></p>
<p class="MsoNormal"><b><o:p> </o:p></b></p>
<p class="MsoNormal"><o:p> </o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="8" cellpadding="0">
<tbody>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><a href="http://www.ericsson.com/" target="_blank"><span style="font-size:10.0pt;font-family:"Ericsson Hilda";color:windowtext;mso-fareast-language:EN-IN;text-decoration:none"><img border="0" width="30" height="30" style="width:.3125in;height:.3125in" id="Picture_x0020_1" src="cid:image001.png@01D8C69C.E234F970" alt="Ericsson"></span></a><span style="font-size:10.0pt;font-family:"Ericsson Hilda";mso-fareast-language:EN-IN"><o:p></o:p></span></p>
</td>
</tr>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt"></td>
</tr>
<tr>
<td style="padding:.75pt .75pt 5.0pt .75pt">
<p class="MsoNormal" style="mso-line-height-alt:3.0pt"><b><span style="font-size:10.0pt;font-family:"Ericsson Hilda";mso-fareast-language:EN-IN">Gunasekar A
<o:p></o:p></span></b></p>
<p class="MsoNormal" style="mso-line-height-alt:3.0pt"><span style="font-size:10.0pt;font-family:"Ericsson Hilda";mso-fareast-language:EN-IN">Senior Software Engineer<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:3.0pt"><span style="font-size:10.0pt;font-family:"Ericsson Hilda";mso-fareast-language:EN-IN">BDGS SA BSS PDU BSS PDG EC CH NGCRS<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:3.0pt"><span style="font-size:10.0pt;font-family:"Ericsson Hilda";mso-fareast-language:EN-IN">Mobile: +919894561292<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:3.0pt"><span style="font-size:10.0pt;font-family:"Ericsson Hilda";mso-fareast-language:EN-IN">Email ID:
<a href="mailto:gunalan.a.s@ericsson.com">a.gunasekar@ericsson.com</a><b><o:p></o:p></b></span></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="mso-fareast-language:EN-IN"><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>