Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2023-27539) (Multiple Advisories): pcs security update


Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/13/2023
Created: 05/31/2023
Added: 05/30/2023
Modified: 07/21/2023

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2023-12595:

[0.11.4-7]
- Fix displaying differences between configuration checkpoints in "pcs config checkpoint diff" command
- Fix "pcs stonith update-scsi-devices" command which was broken since Pacemaker-2.1.5-rc1
- Fixed loading of cluster status in the web interface when fencing levels are configured
- Fixed a vulnerability in pcs-web-ui-node-modules
- Updated bundled rubygem rack
- Resolves: rhbz#2179901 rhbz#2180697 rhbz#2180704 rhbz#2180708 rhbz#2180978 rhbz#2183180

[0.11.4-6]
- Fixed broken filtering in create resource/fence device wizards in the web interface
- Added BuildRequires: pam - needed for tier0 tests during build
- Resolves: rhbz#2167471

[0.11.4-5]
- Fixed enabling/disabling sbd when cluster is not running
- Resolves: rhbz#2166249

[0.11.4-4]
- Rebuilt with fixed patches
- Resolves: rhbz#2158790 rhbz#2159454

[0.11.4-3]
- Allow time values in stonith-watchdog-time property
- Resource/stonith agent self-validation of instance attributes is now disabled by default, as many agents do not work with it properly.
- Updated bundled rubygems: rack, rack-protection, sinatra
- Added license for ruby2_keywords
- Resolves: rhbz#2158790 rhbz#2159454

[0.11.4-2]
- Fixed stopping of pcsd service using systemctl stop pcsd command
- Fixed smoke test execution during gating
- Added warning when omitting validation of misconfigured resource
- Fixed displaying of bool and integer values in pcs resource config command
- Updated bundled rubygems: ethon, rack-protection, sinatra
- Resolves: rhbz#2148124 rhbz#2151164 rhbz#2151524

[0.11.4-1]
- Rebased to latest upstream sources (see CHANGELOG.md)
- Updated pcs-web-ui
- Resolves: rhbz#1620043 rhbz#2019464 rhbz#2099653 rhbz#2109633 rhbz#2112293 rhbz#2116295 rhbz#2117600 rhbz#2117601

[0.11.3-5]
- Rebased to latest upstream sources (see CHANGELOG.md)
- Updated pcs-web-ui
- Added bundled rubygem: childprocess
- Removed bundled rubygem: open4
- Updated bundled rubygems: mustermann, rack, rack-protection, rack-test, sinatra, tilt
- Resolves: rhbz#1493416 rhbz#1796827 rhbz#2059147 rhbz#2092950 rhbz#2112079 rhbz#2112270 rhbz#2112293 rhbz#2117599 rhbz#2117601

Solution(s)

  • oracle-linux-upgrade-pcs
  • oracle-linux-upgrade-pcs-snmp
