[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SECURITY] [DSA 4169-1] pcs security update
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: [SECURITY] [DSA 4169-1] pcs security update
- From: Yves-Alexis Perez <corsac@xxxxxxxxxx>
- Date: Wed, 11 Apr 2018 10:26:59 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4169-1 security@xxxxxxxxxx
https://www.debian.org/security/ Yves-Alexis Perez
April 11, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : pcs
CVE ID : CVE-2018-1086
Debian Bug : 895313
Cédric Buissart from Red Hat discovered an information disclosure bug in pcs, a
pacemaker command line interface and GUI. The REST interface normally doesn't
allow passing --debug parameter to prevent information leak, but the check
wasn't sufficient.
For the stable distribution (stretch), this problem has been fixed in
version 0.9.155+dfsg-2+deb9u1.
We recommend that you upgrade your pcs packages.
For the detailed security status of pcs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pcs
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlrNxsYACgkQ3rYcyPpX
RFsDlggAy2SHmo+lw4mEkodTH6bISba9cSLBBkalg4bhPmWLHnDw9PFIrUKV6HzB
RoNzoMrsJsi4NDutw0aV9YjyuLYd/OmX8rMP/4zaI/bA4wMkz2EBQ6TkTGIlbYl7
ljTZWSBflfAqU18zIf1gH7jkDN+M3EkWfyJJVCj3KRRwMOCJtgL0GLAJLDB3jn41
Np56spr5F2i+iscpPYVDpJLrPp7A0d+HaVTMLhdlpTK09iUiLiH42MdvYgfdU3z3
LV77zWBR4VgUkqbYcfx2GHupstwC5toYDg771Ukaj69T2N/45wOthlUcSY4dQZlH
8g9WbQwWVJBR4P01nKeUuN/FWgpHtA==
=oRuL
-----END PGP SIGNATURE-----