INFSA-2024:5338: pcs security update
Information about definition
Identificator: INFSA-2024:5338
Type: security
Release date: 2024-08-27 10:07:12 UTC
Information about package
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Vulnerabilities description
- CVE-2024-35176
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this vulnerability. As a workaround, don't parse untrusted XMLs.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-35176
|
no information | 5.3 | no information |
Updated packages