INFSA-2025:2872: pcs security update

Information about definition

Identifier: INFSA-2025:2872

Type: security

Release date: 2025-03-31 06:51:35 UTC

Information about package

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Vulnerabilities description

  • CVE-2024-52804

    Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue.

Severity level

CVE: CVE-2024-52804
Score CVSS 2.0: no information
Score CVSS 3.x: 7.5
Score CVSS 4.0: no information
Critical, important, moderate, low

Updated packages