RHSA-2020:2462: Moderate: pcs security and bug fix update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.Security Fix(es): rubygem-json: Unsafe Object Creation Vulnerability in JSON (CVE-2020-10663) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Bug Fix(es): pcs status on remotes is not working on rhel8.2 any longer (BZ#1832914) pcs cluster stop --all throws errors and doesn't seem to honor the request-timeout option (BZ#1838084) [GUI] Colocation constraint can't be added (BZ#1840158)
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2020:2462?
The severity of RHSA-2020:2462 is classified as moderate.
What vulnerability does RHSA-2020:2462 address?
RHSA-2020:2462 addresses the unsafe object creation vulnerability in the rubygem-json package, identified as CVE-2020-10663.
How do I fix RHSA-2020:2462?
To fix RHSA-2020:2462, update the pcs and pcs-snmp packages to version 0.10.4-6.el8_2.1 or later.
Which software packages are affected by RHSA-2020:2462?
The packages affected by RHSA-2020:2462 include pcs and pcs-snmp versions prior to 0.10.4-6.el8_2.1.
How can I determine if my system is vulnerable to RHSA-2020:2462?
To check if your system is vulnerable to RHSA-2020:2462, verify the installed versions of pcs and pcs-snmp against the fixed version.