critical
9.8
Advisory Published
CVE Published
Updated

CVE-2023-2319

First published: Thu Apr 27 2023(Updated: )

The Webpack flaw <a href="https://access.redhat.com/security/cve/CVE-2023-28154">CVE-2023-28154</a> (<a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED ERRATA - CVE-2023-28154 webpack: avoid cross-realm objects" href="show_bug.cgi?id=2179227">bug 2179227</a>) for PCS package was addressed in Red Hat Enterprise Linux 9 via erratum RHSA-2023:1591, released on Apr 04, 2023: <a href="https://access.redhat.com/errata/RHSA-2023:1591">https://access.redhat.com/errata/RHSA-2023:1591</a> However, the fix for this issue was not included in the PCS updates released as part of Red Hat Enterprise Linux 9.2 GA erratum (RHBA-2023:2151), causing a security regression of previously released fix. A new CVE-ID <a href="https://access.redhat.com/security/cve/CVE-2023-2319">CVE-2023-2319</a> was assigned for this security regression. Note that this issue and CVE-ID is specific to the PCS packages as shipped with Red Hat Enterprise Linux and is not applicable to any upstream PCS version or PCS packages of any other vendor that are not directly based on Red Hat Enterprise Linux packages. For more information about the original flaw, refer to the CVE page or bug linked above.

Credit: secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
ClusterLabs pcs=0.11.4-6.el9
Redhat Enterprise Linux High Availability=9.0
Redhat Enterprise Linux High Availability Eus=9.2

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2023-2319?

    CVE-2023-2319 is a vulnerability in the PCS package in Red Hat Enterprise Linux 9.2 that does not include the fix for the Webpack issue CVE-2023-28154.

  • How severe is CVE-2023-2319?

    CVE-2023-2319 has a severity rating of critical.

  • Which software is affected by CVE-2023-2319?

    The PCS package version 0.11.4-6.el9 in Red Hat Enterprise Linux 9.2 is affected by CVE-2023-2319.

  • Is there a fix available for CVE-2023-2319?

    Yes, a fix for CVE-2023-2319 is available in the Red Hat Enterprise Linux 9.1 erratum RHSA-2023:1591.

  • Where can I find more information about CVE-2023-2319?

    You can find more information about CVE-2023-2319 on the Red Hat Security Advisory at https://access.redhat.com/security/cve/CVE-2023-28154.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203