Threat Intelligence Database

A moderate severity open redirect vulnerability (CVE-2024-21510) exists in the Sinatra component used by the pcs packages, which provide command-line configuration for Pacemaker and Corosync utilities in Red Hat Enterprise Linux 8. This vulnerability is related to improper handling of the X-Forwarded-Host header. Red Hat has issued a security advisory (RHSA-2024:10987) and released updated pcs packages to address this issue.

This advisory addresses multiple denial of service (DoS) vulnerabilities in the rubygem-rack component used by the pcs packages, which provide command-line configuration for Pacemaker and Corosync utilities in Red Hat Enterprise Linux 9.0 Extended Update Support. The vulnerabilities include issues in Content-Type parsing, Range header handling, and header parsing in Rack. Red Hat has released updated pcs packages to fix these vulnerabilities.

This advisory addresses multiple denial of service (DoS) vulnerabilities in the rubygem-rack component used by the pcs packages, which provide command-line configuration for Pacemaker and Corosync utilities in Red Hat Enterprise Linux 9.2 Extended Update Support. The vulnerabilities involve content-type parsing, range header handling, and header parsing in Rack. Red Hat has released updated pcs packages to fix these issues.

Red Hat has issued a moderate severity security advisory (RHSA-2024:2113) addressing denial of service vulnerabilities in the rubygem-rack component used by the pcs packages, which configure Pacemaker and Corosync utilities. The vulnerabilities include issues in Content-Type parsing, Range header handling, and header parsing. The advisory affects multiple Red Hat Enterprise Linux 9 variants, including High Availability and Resilient Storage editions across various architectures. A security update is available to remediate these issues.

This advisory addresses multiple denial of service (DoS) vulnerabilities in the rubygem-rack component used by the pcs packages, which provide command-line configuration for Pacemaker and Corosync utilities in Red Hat Enterprise Linux 8.8 Extended Update Support. The vulnerabilities include issues in Content-Type parsing, Range header handling, and header parsing in Rack. Red Hat has released updated pcs packages to fix these issues.

This advisory addresses multiple denial of service (DoS) vulnerabilities in the rubygem-rack component used by the pcs packages, which provide command-line configuration for Pacemaker and Corosync utilities in Red Hat Enterprise Linux 8. The vulnerabilities include issues in Content-Type parsing, Range header handling, and header parsing. The update fixes these issues in Red Hat Enterprise Linux 8.10 and related high availability and resilient storage variants.

This advisory addresses multiple denial of service (DoS) vulnerabilities in the rubygem-rack component used by the pcs packages, which provide command-line configuration for Pacemaker and Corosync utilities in Red Hat Enterprise Linux 8.6 Extended Update Support. The vulnerabilities include issues in Content-Type parsing, Range header handling, and header parsing within Rack. Red Hat has released updated pcs packages to fix these issues.

A low severity vulnerability (CVE-2024-35176) affects the pcs packages used for command-line configuration of Pacemaker and Corosync utilities in Red Hat Enterprise Linux 8. The issue involves a denial of service (DoS) caused by the REXML parser when processing XML attributes containing many '<' characters. Red Hat has released an update to address this vulnerability in multiple Red Hat Enterprise Linux 8 variants, including High Availability and Resilient Storage editions across various architectures. No known exploits are reported in the wild. The update is available and should be applied to affected systems.

Multiple denial-of-service (DoS) vulnerabilities have been identified in the rubygem-rexml library used by the pcs packages, which provide command-line configuration for Pacemaker and Corosync utilities in Red Hat Enterprise Linux 8. These vulnerabilities involve parsing XML with many specific characters, potentially causing resource exhaustion. Red Hat has issued a security advisory with updates to address these issues in the pcs packages for various architectures and extended life cycle versions of RHEL 8.