[ClusterLabs] pcs 0.9.164 released

Tomas Jelinek tojeline at redhat.com
Tue Apr 10 03:34:34 EDT 2018

I am happy to announce the latest release of pcs, version 0.9.164.

Source code is available at:

This is a security release fixing 3 CVEs, one of them is rated as
Important and two are rated as Moderate.

Complete change log for this release:
## [0.9.164] - 2018-04-09

### Security
- CVE-2018-1086: Debug parameter removal bypass, allowing information
   disclosure ([rhbz#1557366])
- CVE-2018-1079: Privilege escalation via authorized user malicious REST
   call ([rhbz#1550243])
- CVE-2018-1000119 rack-protection: Timing attack in
   authenticity_token.rb ([rhbz#1534027])

Thanks / congratulations to everyone who contributed to this release,
including Ivan Devat, Ondrej Famera, Ondrej Mular and Tomas Jelinek.


[rhbz#1534027]: https://bugzilla.redhat.com/show_bug.cgi?id=1534027
[rhbz#1550243]: https://bugzilla.redhat.com/show_bug.cgi?id=1550243
[rhbz#1557366]: https://bugzilla.redhat.com/show_bug.cgi?id=1557366

More information about the Users mailing list