—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: pcs security update
Advisory ID: RHSA-2018:1927-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:1927
Issue date: 2018-06-19
CVE Names: CVE-2018-1086
=====================================================================

1. Summary:

An update for pcs is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability (v. 6) – i386, x86_64
Red Hat Enterprise Linux Resilient Storage (v. 6) – i386, x86_64

3. Description:

The pcs packages provide a command-line configuration system for the
Pacemaker and Corosync utilities.

Security Fix(es):

* pcs: Debug parameter removal bypass, allowing information disclosure
(CVE-2018-1086)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

This issue was discovered by Cedric Buissart (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10
Technical Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1557366 – CVE-2018-1086 pcs: Debug parameter removal bypass, allowing information disclosure

6. Package List:

Red Hat Enterprise Linux High Availability (v. 6):

Source:
pcs-0.9.155-3.el6.src.rpm

i386:
pcs-0.9.155-3.el6.i686.rpm
pcs-debuginfo-0.9.155-3.el6.i686.rpm

x86_64:
pcs-0.9.155-3.el6.x86_64.rpm
pcs-debuginfo-0.9.155-3.el6.x86_64.rpm

Red Hat Enterprise Linux Resilient Storage (v. 6):

Source:
pcs-0.9.155-3.el6.src.rpm

i386:
pcs-0.9.155-3.el6.i686.rpm
pcs-debuginfo-0.9.155-3.el6.i686.rpm

x86_64:
pcs-0.9.155-3.el6.x86_64.rpm
pcs-debuginfo-0.9.155-3.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-1086
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/red_hat_enterprise_linux/6/html/6.10_release_notes/index.html
https://access.redhat.com/documentation/en-US/red_hat_enterprise_linux/6/html/6.10_technical_notes/index.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBWyiNG9zjgjWX9erEAQjcTw//asqyV0hkdfW6QqCnqVnZN06hLwgEuqXD
sEl1HgiIopVvAAWWAH+Cub5Kk/8nJXVWvQxM6TByZssEwGjbQ8p22Ph1vtOYMqr0
ID0Kg4IqBR5SJe5VCGZBElduBiZdP6hxLNpTg7suaVmlXYSKPNIZr3vmvG1njt0b
ZtHmJaahcS+0pQIKEv6W29cYKAMX+mi/RgacPPMggFEz6cgG7IGC45LgyfxtmGNN
diKKnmgNkfzn2h4BpovZ+l8MB1mZUz3nI5vYQm5R6IiSoYwPKN3Jb8uHYdDtVPTD
mHURWLXwHTC05wh7S+ROk86F0OTJZFZtpIPUX68LrJG9Um7ebAWGz08nOZiFBxao
Lw47FLLIigUpiz23QJYIwXaSDAL5eKKLy77elF559sdS/Eqcvn4HyWrqTpD87Nti
yoPJEW5f9kQ9fkj/J/rTguFy2q6XJovoj0GoVDHLt71XFFRreFBkVvjpKNRZJ4c8
h0xOTt/7wGx3cj5bYlOHXLzIhvzOAQSK20MPC23o5XqUloHfm2ya1QHaPjR2rM6P
AkB7zZcjWIKD6fntXwjqJ4w/ikpTZcQ/iF3RFIM0sJWYvNF79ECv/6zeCKvfrEyH
W1JrGY0fpNVSrb7+kgIoOo/zr8MLzvOEiZDQkWIjPp+eJ75M7g59zI36PsD9HLbk
VOabtN7bAHU=
=X0dL
—–END PGP SIGNATURE—–

—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce