Hi Wahl/Team,

The solution Tomas has suggested is from the Red Hat delivered rpm packages “pcs-0.9.169-3.el7_9.3”.
But we are using ClusterLabs source packages to build pcs rpms for our node. So it would be good if we get the fixed release details from ClusterLabs for the reported CVEs.

Ericsson <http://www.ericsson.com/>
Gunasekar A
Senior Software Engineer
BDGS SA BSS PDU BSS PDG EC CH NGCRS
Mobile: +919894561292
Email ID: [email protected]

From: A Gunasekar
Sent: 20 January 2023 15:12
To: Reid Wahl <[email protected]>
Cc: M Vasanthakumar <[email protected]>; S Sathish S <[email protected]>
Subject: RE: [ClusterLabs] Fix for CVE-2022-30123 and CVE-2019-11358

Thanks, Wahl, for this information.

From: Reid Wahl <[email protected]>
Sent: 20 January 2023 11:57
To: A Gunasekar <[email protected]>
Cc: M Vasanthakumar <[email protected]>; S Sathish S <[email protected]>
Subject: Re: [ClusterLabs] Fix for CVE-2022-30123 and CVE-2019-11358

On Thu, Jan 19, 2023 at 9:19 PM A Gunasekar <[email protected]> wrote:

> Hi Wahl,
>
> Tomas's update was not visible to us, and thanks for sharing it here.
>
> https://lists.clusterlabs.org/pipermail/users/2022-December/030734.html

You're welcome. Unfortunately, the threads are separated by month. So if a reply is sent in a different month, it doesn't appear in the original thread. You sent your original email in December, and Tomas replied in January.
See the following links:

https://lists.clusterlabs.org/pipermail/users/2023-January/thread.html
https://lists.clusterlabs.org/pipermail/users/2023-January/030750.html

From: Reid Wahl <[email protected]>
Sent: 20 January 2023 03:07
To: Cluster Labs - All topics related to open-source clustering welcomed <[email protected]>
Cc: A Gunasekar <[email protected]>; M Vasanthakumar <[email protected]>; S Sathish S <[email protected]>
Subject: Re: [ClusterLabs] Fix for CVE-2022-30123 and CVE-2019-11358

On Thu, Jan 19, 2023 at 12:54 PM A Gunasekar via Users <[email protected]> wrote:

> Hi Team,
>
> Can we get some update on this?

Hi,

What update are you seeking? It looks like Tomas already answered your question. I'll paste his answer again here.

> Hi A Gunasekar,
>
> As far as I can see, updated pcs packages pcs-0.9.169-3.el7_9.3 which
> fix the mentioned CVEs were released on 2022-11-02.
>
> Regards,
> Tomas

From: A Gunasekar
Sent: 21 December 2022 18:59
To: [email protected]
Cc: S Sathish S <[email protected]>; M Vasanthakumar <[email protected]>
Subject: Fix for CVE-2022-30123 and CVE-2019-11358

Hi Team,

Please be informed that we have been notified by our security tool that our pcs version 0.9 is affected by CVE-2022-30123 and CVE-2019-11358. It would be great if we could get help with answers to the queries below.

* We are currently on RHEL 7.9 OS and using pcs version 0.9. Is there any fix planned/available for this affected version (0.9.x) of pcs?
* Let us know in which release the fixes for these CVEs are planned.

Our system details:

OS Version: RHEL 7.9
Cluster lab PCS version: 0.9

_______________________________________________
Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users
ClusterLabs home: https://www.clusterlabs.org/

--
Regards,

Reid Wahl (He/Him)
Senior Software Engineer, Red Hat
RHEL High Availability - Pacemaker
