Hello Gunasekar, The mentioned vulnerabilities do not directly affect pcs. Therefore, there are no upstream pcs fixes. Downstream, in RHEL, pcs ships with some bundled components. All 3 of these vulnerabilities affect one of those components - rubygem Rack (https://rubygems.org/gems/rack). All of them were already fixed, see the following links: https://access.redhat.com/security/cve/CVE-2024-25126 https://access.redhat.com/security/cve/CVE-2024-26141 https://access.redhat.com/security/cve/CVE-2024-26146
If you have further inquiries about RHEL, I suggest to contact Red Hat support which is better equipped to help you than upstream community members. Regards, Michal On Tue, Aug 6, 2024 at 5:28 PM A Gunasekar via Users <users@clusterlabs.org> wrote: > Hi Team, > > Please be informed, we have got notified from our security tool that our > pcs version 0.10 is affected by the *CVE-2024-25126, CVE-2024-26141 and > CVE-2024-26146* > > It would be great if we help to get answers for the below queries. > > > > We are currently in RHEL 8.4 OS and using pcs 0.10 version, Is there any > fix planned/available for this affection version (0.10.x) of pcs ? > > - Let us know in which release this CVEs fix are planned ? > > > > *Our system Details:-* > > OS Version: RHEL 8.4 > > Name : pcs > > Version : 0.10.16 > > Release : 1.el8 > > Architecture: x86_64 > > > > > > [image: Ericsson] <http://www.ericsson.com/> > > *Gunasekar A * > > Senior Software Analyst > > BDGS SA BSS PDU BSS PDG EC CH NGCRS > > Mobile: +919894561292 > > Email ID: a.gunase...@ericsson.com > > > > > _______________________________________________ > Manage your subscription: > https://lists.clusterlabs.org/mailman/listinfo/users > > ClusterLabs home: https://www.clusterlabs.org/ > -- MICHAL POSPÍŠIL He / Him / His Software Engineer RHEL HA Cluster - PCS Red Hat Czech, s.r.o. <https://www.redhat.com> Purkyňova 665/115, 612 00 Brno <https://www.redhat.com>
_______________________________________________ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/
