[SECURITY] [DSA 4169-1] pcs security update

From: Yves-Alexis Perez <corsac@debian.org>
To: bugtraq@securityfocus.com
Cc:
Subject: [SECURITY] [DSA 4169-1] pcs security update
Date:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4169-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
April 11, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pcs
CVE ID         : CVE-2018-1086
Debian Bug     : 895313

Cdric Buissart from Red Hat discovered an information disclosure bug in pcs, a
pacemaker command line interface and GUI. The REST interface normally doesn't
allow passing --debug parameter to prevent information leak, but the check
wasn't sufficient.

For the stable distribution (stretch), this problem has been fixed in
version 0.9.155+dfsg-2+deb9u1.

We recommend that you upgrade your pcs packages.

For the detailed security status of pcs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pcs

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlrNxsYACgkQ3rYcyPpX
RFsDlggAy2SHmo+lw4mEkodTH6bISba9cSLBBkalg4bhPmWLHnDw9PFIrUKV6HzB
RoNzoMrsJsi4NDutw0aV9YjyuLYd/OmX8rMP/4zaI/bA4wMkz2EBQ6TkTGIlbYl7
ljTZWSBflfAqU18zIf1gH7jkDN+M3EkWfyJJVCj3KRRwMOCJtgL0GLAJLDB3jn41
Np56spr5F2i+iscpPYVDpJLrPp7A0d+HaVTMLhdlpTK09iUiLiH42MdvYgfdU3z3
LV77zWBR4VgUkqbYcfx2GHupstwC5toYDg771Ukaj69T2N/45wOthlUcSY4dQZlH
8g9WbQwWVJBR4P01nKeUuN/FWgpHtA==
=oRuL
-----END PGP SIGNATURE-----





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.