Red Hat Security Advisory: pcs security update
Multiple denial-of-service (DoS) vulnerabilities have been identified in the rubygem-rexml library used by the pcs packages, which provide command-line configuration for Pacemaker and Corosync utilities in Red Hat Enterprise Linux 8. These vulnerabilities involve parsing XML with many specific characters, potentially causing resource exhaustion. Red Hat has issued a security advisory with updates to address these issues in the pcs packages for various architectures and extended life cycle versions of RHEL 8.
AI Analysis
Technical Summary
The pcs packages in Red Hat Enterprise Linux 8, which configure Pacemaker and Corosync, are affected by three DoS vulnerabilities in the rubygem-rexml XML parser (CVE-2024-41123, CVE-2024-41946, CVE-2024-43398). These vulnerabilities occur when parsing XML containing many specific characters such as whitespace, >], and ]>, leading to denial of service. Red Hat has released updated pcs packages to fix these issues across multiple architectures and extended life cycle variants of RHEL 8. No CVSS scores are provided in the advisory, but the impact is rated moderate by Red Hat Product Security.
Potential Impact
Successful exploitation of these vulnerabilities can cause denial of service by exhausting resources during XML parsing in pcs, potentially disrupting configuration management of cluster services (Pacemaker and Corosync). There is no indication of code execution or data compromise. No known exploits in the wild have been reported.
Mitigation Recommendations
Red Hat has released updated pcs packages that address these DoS vulnerabilities. Users should apply the security update RHSA-2024:6670 for Red Hat Enterprise Linux 8 and its extended life cycle variants to remediate the issues. Refer to https://access.redhat.com/articles/11258 for update instructions. No additional mitigations are indicated or required beyond applying the official patch.
Red Hat Security Advisory: pcs security update
Description
Multiple denial-of-service (DoS) vulnerabilities have been identified in the rubygem-rexml library used by the pcs packages, which provide command-line configuration for Pacemaker and Corosync utilities in Red Hat Enterprise Linux 8. These vulnerabilities involve parsing XML with many specific characters, potentially causing resource exhaustion. Red Hat has issued a security advisory with updates to address these issues in the pcs packages for various architectures and extended life cycle versions of RHEL 8.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The pcs packages in Red Hat Enterprise Linux 8, which configure Pacemaker and Corosync, are affected by three DoS vulnerabilities in the rubygem-rexml XML parser (CVE-2024-41123, CVE-2024-41946, CVE-2024-43398). These vulnerabilities occur when parsing XML containing many specific characters such as whitespace, >], and ]>, leading to denial of service. Red Hat has released updated pcs packages to fix these issues across multiple architectures and extended life cycle variants of RHEL 8. No CVSS scores are provided in the advisory, but the impact is rated moderate by Red Hat Product Security.
Potential Impact
Successful exploitation of these vulnerabilities can cause denial of service by exhausting resources during XML parsing in pcs, potentially disrupting configuration management of cluster services (Pacemaker and Corosync). There is no indication of code execution or data compromise. No known exploits in the wild have been reported.
Mitigation Recommendations
Red Hat has released updated pcs packages that address these DoS vulnerabilities. Users should apply the security update RHSA-2024:6670 for Red Hat Enterprise Linux 8 and its extended life cycle variants to remediate the issues. Refer to https://access.redhat.com/articles/11258 for update instructions. No additional mitigations are indicated or required beyond applying the official patch.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2024:6670
- Cve Count
- 3
- Additional Cves
- ["CVE-2024-41946","CVE-2024-43398"]
- Cvss Version
- null
Threat ID: 6a3da1f04853345fc183211e
Added to database: 06/25/2026, 21:47:28 UTC
Last enriched: 06/25/2026, 22:43:47 UTC
Last updated: 06/26/2026, 03:00:49 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.