INFSA-2025:2872: pcs security update
Information about definition
Identifier: INFSA-2025:2872
Type: security
Release date: 2025-03-31 06:51:35 UTC
Information about package
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Vulnerabilities description
- CVE-2024-52804
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2024-52804 | no information | 7.5 | no information |
Updated packages