Description:
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
* rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters (CVE-2025-59830)
* rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) (CVE-2025-61770)
* rack: Rack's multipart parser buffers large non?file fields entirely in memory, enabling DoS (memory exhaustion) (CVE-2025-61771)
* rack: Rack memory exhaustion denial of service (CVE-2025-61772)
* rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion (CVE-2025-61919)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| noarch |
cockpit-ha-cluster-0.12.1-1.el10_1.1.noarch.rpm |
4e19f98da50a14b0382fffee8fe2d79cbf7bc34fbaa3400351363e5531561b7b |
| ppc64le |
pcs-0.12.1-1.el10_1.1.ppc64le.rpm |
940be942b51e769c6a6e0455d4685a1c649040c22a04290f858a3ea01ca38c72 |
| ppc64le |
pcs-snmp-0.12.1-1.el10_1.1.ppc64le.rpm |
e1e6cf19ae95d8dbc95893d86fd278500b8fcbc06bbde8d2f6c8ab1c2b6da3b3 |
| s390x |
pcs-0.12.1-1.el10_1.1.s390x.rpm |
8f908238ec77df33bb83d83d1894e63e5eb189146cbe20475f9213dc39627e53 |
| s390x |
pcs-snmp-0.12.1-1.el10_1.1.s390x.rpm |
b9e481f71f964883be95f169df9939956bbac9df996b277149362efdae199dee |
| x86_64 |
pcs-snmp-0.12.1-1.el10_1.1.x86_64.rpm |
69912fca16890c3ceea9d7e110da8547731021802defc24b179ca52473527daa |
| x86_64 |
pcs-0.12.1-1.el10_1.1.x86_64.rpm |
f4f06c6d82d7e57524c5e51b8fed81256c1a3bc139dbdbb40d5b42738c5a3c34 |
| x86_64_v2 |
pcs-0.12.1-1.el10_1.1.x86_64_v2.rpm |
0cb60acc76fb77d54f78472ba8509b37c8cb59c2041bdf4adc692888d11783fd |
| x86_64_v2 |
pcs-snmp-0.12.1-1.el10_1.1.x86_64_v2.rpm |
c08a8ae3b10e92c551aedca37cc9d3101eab91e34cedc18033438fb3477af1bd |
