<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Ericsson Hilda";
panose-1:0 0 5 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
p.m4618491395621331111m-4999658159260330428msolistparagraph, li.m4618491395621331111m-4999658159260330428msolistparagraph, div.m4618491395621331111m-4999658159260330428msolistparagraph
{mso-style-name:m_4618491395621331111m-4999658159260330428msolistparagraph;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:997004285;
mso-list-template-ids:-459474942;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:1979726438;
mso-list-template-ids:598378652;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-IN" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Hi Tomas/Team,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">It would be great if you share in which latest cluster lab version the fixed are available for these CVE, so that we will take that version for upgrade.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="8" cellpadding="0">
<tbody>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><a href="http://www.ericsson.com/" target="_blank"><span style="font-size:10.0pt;font-family:"Ericsson Hilda";color:windowtext;text-decoration:none"><img border="0" width="30" height="30" style="width:.3125in;height:.3125in" id="Picture_x0020_5" src="cid:image001.png@01D93253.B1788400" alt="Ericsson"></span></a><span style="font-size:10.0pt;font-family:"Ericsson Hilda""><o:p></o:p></span></p>
</td>
</tr>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt"></td>
</tr>
<tr>
<td style="padding:.75pt .75pt 5.0pt .75pt">
<p class="MsoNormal" style="mso-line-height-alt:3.0pt"><b><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">Gunasekar A
</span></b><b><span style="font-size:10.0pt;font-family:"Ericsson Hilda""><o:p></o:p></span></b></p>
<p class="MsoNormal" style="mso-line-height-alt:3.0pt"><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">Senior Software Engineer<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:3.0pt"><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">BDGS SA BSS PDU BSS PDG EC CH NGCRS<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:3.0pt"><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">Mobile: +919894561292<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:3.0pt"><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">Email ID:
<a href="mailto:a.gunasekar@ericsson.com"><span style="color:#0563C1">a.gunasekar@ericsson.com</span></a><b><o:p></o:p></b></span></p>
</td>
</tr>
</tbody>
</table>
<div style="mso-element:para-border-div;border:none;border-bottom:double windowtext 2.25pt;padding:0cm 0cm 1.0pt 0cm">
<p class="MsoNormal" style="border:none;padding:0cm"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">Hi A Gunasekar,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">The pcs-0.9 branch is unsupported and no longer maintained since
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">2021-04-16. There will be no further releases and commits in that
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">branch. Pcs-0.9 only works with Pacemaker 1.x and Corosync 2.x and those
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">have been unsupported for quite some time as well.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">I recommend updating your cluster stack to newer versions.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">Tomas<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> A Gunasekar
<br>
<b>Sent:</b> 20 January 2023 15:55<br>
<b>To:</b> Reid Wahl <nwahl@redhat.com>; Cluster Labs - All topics related to open-source clustering welcomed <users@clusterlabs.org><br>
<b>Cc:</b> M Vasanthakumar <m.vasanthakumar@ericsson.com>; S Sathish S <s.s.sathish@ericsson.com><br>
<b>Subject:</b> RE: [ClusterLabs] Fix for CVE-2022-30123 and CVE-2019-11358<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Hi Wahl/Team,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">The solution Tomas as suggested is from Redhat delivered rpm packages “</span><b>pcs-0.9.169-3.el7_9.3</b><span style="mso-fareast-language:EN-US">”.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">But we are using Cluster Lab source packages to build pcs rpms for our node.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">So it would be good if we get the fixed release details from Cluster Lab for the reported CVEs.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="8" cellpadding="0">
<tbody>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><a href="http://www.ericsson.com/" target="_blank"><span style="font-size:10.0pt;font-family:"Ericsson Hilda";color:windowtext;text-decoration:none"><img border="0" width="30" height="30" style="width:.3125in;height:.3125in" id="Picture_x0020_4" src="cid:image001.png@01D93253.B1788400" alt="Ericsson"></span></a><span style="font-size:10.0pt;font-family:"Ericsson Hilda""><o:p></o:p></span></p>
</td>
</tr>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt"></td>
</tr>
<tr>
<td style="padding:.75pt .75pt 5.0pt .75pt">
<p class="MsoNormal" style="mso-line-height-alt:3.0pt"><b><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">Gunasekar A
<o:p></o:p></span></b></p>
<p class="MsoNormal" style="mso-line-height-alt:3.0pt"><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">Senior Software Engineer<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:3.0pt"><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">BDGS SA BSS PDU BSS PDG EC CH NGCRS<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:3.0pt"><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">Mobile: +919894561292<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-line-height-alt:3.0pt"><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">Email ID:
<a href="mailto:a.gunasekar@ericsson.com"><span style="color:#0563C1">a.gunasekar@ericsson.com</span></a><b><o:p></o:p></b></span></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> A Gunasekar
<br>
<b>Sent:</b> 20 January 2023 15:12<br>
<b>To:</b> Reid Wahl <<a href="mailto:nwahl@redhat.com">nwahl@redhat.com</a>><br>
<b>Cc:</b> M Vasanthakumar <<a href="mailto:m.vasanthakumar@ericsson.com">m.vasanthakumar@ericsson.com</a>>; S Sathish S <<a href="mailto:s.s.sathish@ericsson.com">s.s.sathish@ericsson.com</a>><br>
<b>Subject:</b> RE: [ClusterLabs] Fix for CVE-2022-30123 and CVE-2019-11358<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Thanks Wahl for this information
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> Reid Wahl <<a href="mailto:nwahl@redhat.com">nwahl@redhat.com</a>>
<br>
<b>Sent:</b> 20 January 2023 11:57<br>
<b>To:</b> A Gunasekar <<a href="mailto:a.gunasekar@ericsson.com">a.gunasekar@ericsson.com</a>><br>
<b>Cc:</b> M Vasanthakumar <<a href="mailto:m.vasanthakumar@ericsson.com">m.vasanthakumar@ericsson.com</a>>; S Sathish S <<a href="mailto:s.s.sathish@ericsson.com">s.s.sathish@ericsson.com</a>><br>
<b>Subject:</b> Re: [ClusterLabs] Fix for CVE-2022-30123 and CVE-2019-11358<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Thu, Jan 19, 2023 at 9:19 PM A Gunasekar <<a href="mailto:a.gunasekar@ericsson.com">a.gunasekar@ericsson.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hi Wahl,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Tomas update was not visible to us and Thanks for sharing it here.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><a href="https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-ccdbf0db8445bdb4&q=1&e=a7a59750-e061-4298-8714-ebe38fc95520&u=https%3A%2F%2Flists.clusterlabs.org%2Fpipermail%2Fusers%2F2022-December%2F030734.html" target="_blank">https://lists.clusterlabs.org/pipermail/users/2022-December/030734.html</a><o:p></o:p></p>
</div>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">You're welcome. Unfortunately, the threads are separated by month. So if a reply is sent in a different month, it doesn't appear in the original thread. You sent your original email in December, and Tomas replied in January. See the following
links:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><a href="https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-8bc25f8cc580c14b&q=1&e=a7a59750-e061-4298-8714-ebe38fc95520&u=https%3A%2F%2Flists.clusterlabs.org%2Fpipermail%2Fusers%2F2023-January%2Fthread.html">https://lists.clusterlabs.org/pipermail/users/2023-January/thread.html</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><a href="https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-da3abaa3680ed01a&q=1&e=a7a59750-e061-4298-8714-ebe38fc95520&u=https%3A%2F%2Flists.clusterlabs.org%2Fpipermail%2Fusers%2F2023-January%2F030750.html">https://lists.clusterlabs.org/pipermail/users/2023-January/030750.html</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="8" cellpadding="0">
<tbody>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><a href="http://www.ericsson.com/" target="_blank"><span style="font-size:10.0pt;font-family:"Ericsson Hilda";color:windowtext;text-decoration:none"><img border="0" width="30" height="30" style="width:.3125in;height:.3125in" id="m_4618491395621331111Picture_x0020_3" src="cid:image001.png@01D93253.B1788400" alt="Ericsson"></span></a><o:p></o:p></p>
</td>
</tr>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt"></td>
</tr>
<tr>
<td style="padding:.75pt .75pt 5.0pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">Gunasekar A
</span></b><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">Senior Software Engineer</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">BDGS SA BSS PDU BSS PDG EC CH NGCRS</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">Mobile: +919894561292</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">Email ID:
<a href="mailto:a.gunasekar@ericsson.com" target="_blank"><span style="color:#0563C1">a.gunasekar@ericsson.com</span></a></span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
<div style="border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0cm 0cm 0cm;border-color:currentcolor currentcolor">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> Reid Wahl <<a href="mailto:nwahl@redhat.com" target="_blank">nwahl@redhat.com</a>>
<br>
<b>Sent:</b> 20 January 2023 03:07<br>
<b>To:</b> Cluster Labs - All topics related to open-source clustering welcomed <<a href="mailto:users@clusterlabs.org" target="_blank">users@clusterlabs.org</a>><br>
<b>Cc:</b> A Gunasekar <<a href="mailto:a.gunasekar@ericsson.com" target="_blank">a.gunasekar@ericsson.com</a>>; M Vasanthakumar <<a href="mailto:m.vasanthakumar@ericsson.com" target="_blank">m.vasanthakumar@ericsson.com</a>>; S Sathish S <<a href="mailto:s.s.sathish@ericsson.com" target="_blank">s.s.sathish@ericsson.com</a>><br>
<b>Subject:</b> Re: [ClusterLabs] Fix for CVE-2022-30123 and CVE-2019-11358</span><o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">On Thu, Jan 19, 2023 at 12:54 PM A Gunasekar via Users <<a href="mailto:users@clusterlabs.org" target="_blank">users@clusterlabs.org</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid windowtext 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hi Team,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Can we get some update on this.<o:p></o:p></p>
</div>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hi,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">What update are you seeking? It looks like Tomas already answered your question. I'll paste his answer again here.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">> Hi A Gunasekar,<br>
> <br>
> As far as I can see, updated pcs packages pcs-0.9.169-3.el7_9.3 which <br>
> fix the mentioned CVEs were released on 2022-11-02.<br>
> <br>
> Regards,<br>
> Tomas<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid windowtext 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="8" cellpadding="0">
<tbody>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><a href="http://www.ericsson.com/" target="_blank"><span style="font-size:10.0pt;font-family:"Ericsson Hilda";color:windowtext;text-decoration:none"><img border="0" width="30" height="30" style="width:.3125in;height:.3125in" id="m_4618491395621331111m_-4999658159260330428Picture_x0020_2" src="cid:image001.png@01D93253.B1788400" alt="Ericsson"></span></a><o:p></o:p></p>
</td>
</tr>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt"></td>
</tr>
<tr>
<td style="padding:.75pt .75pt 5.0pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">Gunasekar A
</span></b><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">Senior Software Engineer</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">BDGS SA BSS PDU BSS PDG EC CH NGCRS</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">Mobile: +919894561292</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">Email ID:
<a href="mailto:a.gunasekar@ericsson.com" target="_blank">a.gunasekar@ericsson.com</a></span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
<div>
<div style="border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0cm 0cm 0cm;border-color:currentcolor">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> A Gunasekar
<br>
<b>Sent:</b> 21 December 2022 18:59<br>
<b>To:</b> <a href="mailto:users@clusterlabs.org" target="_blank">users@clusterlabs.org</a><br>
<b>Cc:</b> S Sathish S <<a href="mailto:s.s.sathish@ericsson.com" target="_blank">s.s.sathish@ericsson.com</a>>; M Vasanthakumar <<a href="mailto:m.vasanthakumar@ericsson.com" target="_blank">m.vasanthakumar@ericsson.com</a>><br>
<b>Subject:</b> Fix for CVE-2022-30123 and CVE-2019-11358</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hi Team,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Please be informed, we have got notified from our security tool that our pcs version 0.9 is affected by the
<b>CVE-2022-30123 and CVE-2019-11358</b>. <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">It would be great if we help to get answers for the below queries.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b> </b><o:p></o:p></p>
<ul type="disc">
<li class="m4618491395621331111m-4999658159260330428msolistparagraph" style="mso-list:l0 level1 lfo3">
We are currently in RHEL 7.9 OS and using pcs 0.9 version, Is there any fix planned/available for this affection version (0.9.x) of pcs ?<o:p></o:p></li><li class="m4618491395621331111m-4999658159260330428msolistparagraph" style="mso-list:l0 level1 lfo3">
Let us know in which release this CVEs fix are planned ?<o:p></o:p></li></ul>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b> </b><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b>Our system Details:-</b><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">OS Version: RHEL 7.9<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Cluster lab PCS version: 0.9<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="8" cellpadding="0">
<tbody>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><a href="http://www.ericsson.com/" target="_blank"><span style="font-size:10.0pt;font-family:"Ericsson Hilda";color:windowtext;text-decoration:none"><img border="0" width="30" height="30" style="width:.3125in;height:.3125in" id="m_4618491395621331111m_-4999658159260330428Picture_x0020_1" src="cid:image001.png@01D93253.B1788400" alt="Ericsson"></span></a><o:p></o:p></p>
</td>
</tr>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt"></td>
</tr>
<tr>
<td style="padding:.75pt .75pt 5.0pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">Gunasekar A
</span></b><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">Senior Software Engineer</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">BDGS SA BSS PDU BSS PDG EC CH NGCRS</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">Mobile: +919894561292</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Ericsson Hilda"">Email ID:
<a href="mailto:a.gunasekar@ericsson.com" target="_blank">a.gunasekar@ericsson.com</a></span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">_______________________________________________<br>
Manage your subscription:<br>
<a href="https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-d41b18997a64a81a&q=1&e=59a6df80-228c-4bfb-a417-9820eb29ea91&u=https%3A%2F%2Flists.clusterlabs.org%2Fmailman%2Flistinfo%2Fusers" target="_blank">https://lists.clusterlabs.org/mailman/listinfo/users</a><br>
<br>
ClusterLabs home: <a href="https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-b3537e65a3f1def4&q=1&e=59a6df80-228c-4bfb-a417-9820eb29ea91&u=https%3A%2F%2Fwww.clusterlabs.org%2F" target="_blank">
https://www.clusterlabs.org/</a><o:p></o:p></p>
</div>
</blockquote>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><br clear="all">
<br>
-- <o:p></o:p></p>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt">Regards,<o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Reid Wahl (He/Him)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Senior Software Engineer, Red Hat<o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">RHEL High Availability - Pacemaker<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><br clear="all">
<br>
-- <o:p></o:p></p>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Regards,<o:p></o:p></p>
</div>
<p class="MsoNormal">Reid Wahl (He/Him)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Senior Software Engineer, Red Hat<o:p></o:p></p>
</div>
<p class="MsoNormal">RHEL High Availability - Pacemaker<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>