Oracle Linux 9 : pcs (ELSA-2022-9513)

high Nessus Plugin ID 162813

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9513 advisory.

[0.11.1-10.el9_0.1]
- Updated bundled rubygems: sinatra, rack-protection
- Resolves: rhbz#2081333

[0.11.1-10]
- Fixed snmp client
- Fixed translating resource roles in colocation constraint
- Resolves: rhbz#2048640

[0.11.1-9]
- Fixed cluster destroy in web ui
- Fixed covscan issue in web ui
- Resolves: rhbz#2044409

[0.11.1-8]
- Fixed 'pcs resource move' command
- Fixed removing of unavailable fence-scsi storage device
- Fixed ocf validation of ocf linbit drbd agent
- Fixed creating empty cib
- Updated pcs-web-ui
- Resolves: rhbz#1990787 rhbz#2033248 rhbz#2039883 rhbz#2040420

[0.11.1-7]
- Fixed enabling corosync-qdevice
- Fixed resource update command when unable to get agent metadata
- Fixed revert of disallowing to clone a group with a stonith
- Resolves: rhbz#1811072 rhbz#2019836 rhbz#2032473

[0.11.1-6]
- Rebased to latest upstream sources (see CHANGELOG.md)
- Updated pcs web ui
- Resolves: rhbz#1990787 rhbz#1997019 rhbz#2012129 rhbz#2024542 rhbz#2027678 rhbz#2027679

[0.11.1-5]
- Rebased to latest upstream sources (see CHANGELOG.md)
- Resolves: rhbz#1990787 rhbz#2018969 rhbz#2019836 rhbz#2023752 rhbz#2012129

[0.11.1-4]
- Rebased to latest upstream sources (see CHANGELOG.md)
- Updated pcs web ui
- Enabled wui patching
- Resolves: rhbz#1811072 rhbz#1945305 rhbz#1997019 rhbz#2012129

[0.11.1-1]
- Rebased to latest upstream sources (see CHANGELOG.md)
- Resolves: rhbz#1283805 rhbz#1910644 rhbz#1910645 rhbz#1956703 rhbz#1956706 rhbz#1985981 rhbz#1991957 rhbz#1996062 rhbz#1996067

[0.11.0.alpha.1-1]
- Rebased to latest upstream sources (see CHANGELOG.md)
- Updated pcs web ui
- Resolves: rhbz#1283805 rhbz#1910644 rhbz#1910645 rhbz#1985981 rhbz#1991957 rhbz#1996067

[0.10.9-2]
- Rebuilt for libffi 3.4.2 SONAME transition.
Related: rhbz#1891914

[0.10.9-1]
- Rebased to latest upstream sources (see CHANGELOG.md)
- Resolves: rhbz#1991957

[0.10.8-11]
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688

[0.10.8-10]
- Rebased to latest upstream sources (see CHANGELOG.md)
- Fixed web-ui build
- Fixed tests for pacemaker 2.1
- Resolves: rhbz#1975440 rhbz#1922302

[0.10.8-9]
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065

[0.10.8-8]
- Rebuild with fixed gating tests
- Stopped bundling rubygem-json (use distribution package instead)
- Fixed patches
- Resolves: rhbz#1881064

[0.10.8-7]
- Fixed License tag
- Rebuild with fixed dependency for gating tier0 tests
- Resolves: rhbz#1881064

[0.10.8-6]
- Rebased to latest upstream sources (see CHANGELOG.md)
- Removed clufter related commands
- Resolves: rhbz#1881064

[0.10.8-5]
- Updated pcs web ui node modules
- Fixed build issue on low memory build hosts
- Resolves: rhbz#1951272

[0.10.8-4]
- Rebuilt for RHEL 9 BETA on Apr 15th 2021.
Related: rhbz#1947937

[0.10.8-3]
- Replace pyOpenSSL with python-cryptography
- Resolves: rhbz#1927404

[0.10.8-2]
- Bundle rubygem dependencies and python3-tornado
- Resolves: rhbz#1929710

[0.10.8-1]
- Rebased to latest upstream sources (see CHANGELOG.md)
- Updated pcs-web-ui
- Updated bundled python dependency: dacite
- Changed BuildRequires from git to git-core
- Added conditional (Build)Requires: rubygem(rexml)
- Added conditional Requires: rubygem(webrick)

[0.10.7-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

[0.10.7-3]
- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_3.0

[0.10.7-2]
- Python 3.10 related fix

[0.10.7-1]
- Rebased to latest upstream sources (see CHANGELOG.md)
- Added dependency on python packages pyparsing and dateutil
- Fixed virtual bundle provides for ember, handlebars, jquery and jquery-ui
- Removed dependency on python3-clufter

[0.10.6-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

[0.10.6-1]
- Rebased to latest upstream sources (see CHANGELOG.md)
- Updated pcs-web-ui
- Stopped bundling tornado (use distribution package instead)
- Stopped bundling rubygem-tilt (use distribution package instead)
- Removed rubygem bundling
- Removed unneeded BuildRequires: execstack, gcc, gcc-c++
- Excluded some tests for tornado daemon

[0.10.5-8]
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro

[0.10.5-7]
- Use fixed upstream version of dacite with Python 3.9 support
- Split upstream tests in gating into tiers

[0.10.5-6]
- Use patched version of dacite compatible with Python 3.9
- Resolves: rhbz#1838327

[0.10.5-5]
- Rebuilt for Python 3.9

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected pcs and / or pcs-snmp packages.

See Also

https://linux.oracle.com/errata/ELSA-2022-9513.html

Plugin Details

Severity: High

ID: 162813

File Name: oraclelinux_ELSA-2022-9513.nasl

Version: 1.3

Type: local

Agent: unix

Published: 7/7/2022

Updated: 10/22/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2022-29970

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:pcs, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:pcs-snmp

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 6/30/2022

Vulnerability Publication Date: 5/2/2022

Reference Information

CVE: CVE-2022-29970