[ClusterLabs] pcs 0.9.164 released
Tomas Jelinek
tojeline at redhat.com
Tue Apr 10 03:34:34 EDT 2018
I am happy to announce the latest release of pcs, version 0.9.164.
Source code is available at:
https://github.com/ClusterLabs/pcs/archive/0.9.164.tar.gz
or
https://github.com/ClusterLabs/pcs/archive/0.9.164.zip
This is a security release fixing 3 CVEs, one of them is rated as
Important and two are rated as Moderate.
Complete change log for this release:
## [0.9.164] - 2018-04-09
### Security
- CVE-2018-1086: Debug parameter removal bypass, allowing information
disclosure ([rhbz#1557366])
- CVE-2018-1079: Privilege escalation via authorized user malicious REST
call ([rhbz#1550243])
- CVE-2018-1000119 rack-protection: Timing attack in
authenticity_token.rb ([rhbz#1534027])
Thanks / congratulations to everyone who contributed to this release,
including Ivan Devat, Ondrej Famera, Ondrej Mular and Tomas Jelinek.
Cheers,
Tomas
[rhbz#1534027]: https://bugzilla.redhat.com/show_bug.cgi?id=1534027
[rhbz#1550243]: https://bugzilla.redhat.com/show_bug.cgi?id=1550243
[rhbz#1557366]: https://bugzilla.redhat.com/show_bug.cgi?id=1557366
More information about the Users
mailing list