[ALSA-2025:19719] Important: pcs security update
Type: security
Severity: important
Release date: 2025-11-20
Description:
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

* rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters (CVE-2025-59830)
* rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) (CVE-2025-61770)
* rack: Rack's multipart parser buffers large non-file fields entirely in memory, enabling DoS (memory exhaustion) (CVE-2025-61771)
* rack: Rack memory exhaustion denial of service (CVE-2025-61772)
* rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion (CVE-2025-61919)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
ppc64le pcs-snmp-0.10.18-2.el8_10.7.alma.1.ppc64le.rpm 5263dfd6ab8a873db9a2cc4982ba4e7e2a217d2e1b4b6bd97b7b21e4560b2cf1
ppc64le pcs-0.10.18-2.el8_10.7.alma.1.ppc64le.rpm a666fa91c95b59dcfc8d36da8823be42770920e1b9b0998f909294a94b9ef1df
s390x pcs-snmp-0.10.18-2.el8_10.7.alma.1.s390x.rpm 1aa57a85dd0831d3f185f0c120f023c24d2f7760adfb701b639b16f6a1bd2b79
s390x pcs-0.10.18-2.el8_10.7.alma.1.s390x.rpm acae320ae5afa82ab4dd53647ab22edc935beda0ecbb87292f057086b0c74fdb
x86_64 pcs-0.10.18-2.el8_10.7.alma.1.x86_64.rpm 1de8b5a5580956e188b7e1e25cd127dc0c84ea0e54303a3b0390729ce9418269
x86_64 pcs-snmp-0.10.18-2.el8_10.7.alma.1.x86_64.rpm c148b4bbb1e5677de6d922e81aefe5f9e282c3a4492592bb976cfc56daf3dab8
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.