Hi,
The listed CVEs describe vulnerabilities in the REXML library. Pcs source
code is not affected. Therefore, no fix is available / planned in pcs
source code to address these.
However, if you are using rexml packages or pcs packages which contain a
copy of REXML, I suggest keeping them upgraded to the latest available
version.
Regards,
Tomas
On 13. 10. 24 at 6:40, NS Lokesh via Users wrote:
Hi Team,
Please be informed that we have been notified by our security tool that our
pcs version 0.10 is affected by
*CVE-2024-41123, CVE-2024-41946, CVE-2024-43398*.
It would be great if we could get help with answers to the queries below.
1. Is ClusterLabs pcs affected by the above-mentioned CVEs?
2. Is there any fix planned/available for this affected version
(0.10.x) of pcs?
3. Let us know in which release the fixes for these CVEs are planned.
We are currently on RHEL 8.6 and using pcs version 0.10.
*Our system details:*
OS Version: RHEL 8.6
Name : pcs
Version : 0.10.16
Release : 1.el8
Architecture: x86_64
Regards,
Lokesh NS
_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users
ClusterLabs home: https://www.clusterlabs.org/