Home / mailingsPDF  

[USN-7614-1] pcs vulnerabilities

Posted on 03 July 2025
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-7614-1
July 02, 2025

pcs vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in pcs.

Software Description:
- pcs: Pacemaker Configuration System

Details:

Cedric Buissart discovered that pcs did not correctly handle certain
parameters. An attacker could possibly use this issue to leak sensitive
information or elevate their privileges. This issue only affected
Ubuntu 16.04 LTS. (CVE-2018-1086)

Ondrej Mular discovered that pcs did not correctly handle Unix socket
permissions. An attacker could possibly use this issue to elevate their
privileges. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2735)

It was discovered that pcs did not correctly handle PAM authentication.
An attacker could possibly use this issue to bypass authentication
mechanisms. This issue only affected Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2022-1049)

It was discovered that pcs did not correctly handle the validation of
Node names. An attacker could possibly use this issue to execute a
cross-site scripting (XSS) attack. This issue only affected
Ubuntu 16.04 LTS. (CVE-2017-2661)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
pcs 0.10.11-2ubuntu3+esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
pcs 0.10.4-3ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
pcs 0.9.149-1ubuntu1.1+esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7614-1
CVE-2017-2661, CVE-2018-1086, CVE-2022-1049, CVE-2022-2735

--===============5170308540364198993==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :