First published: Thu Apr 27 2023(Updated: )
The Webpack flaw <a href="https://access.redhat.com/security/cve/CVE-2023-28154">CVE-2023-28154</a> (<a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED ERRATA - CVE-2023-28154 webpack: avoid cross-realm objects" href="show_bug.cgi?id=2179227">bug 2179227</a>) for PCS package was addressed in Red Hat Enterprise Linux 9 via erratum RHSA-2023:1591, released on Apr 04, 2023: <a href="https://access.redhat.com/errata/RHSA-2023:1591">https://access.redhat.com/errata/RHSA-2023:1591</a> However, the fix for this issue was not included in the PCS updates released as part of Red Hat Enterprise Linux 9.2 GA erratum (RHBA-2023:2151), causing a security regression of previously released fix. A new CVE-ID <a href="https://access.redhat.com/security/cve/CVE-2023-2319">CVE-2023-2319</a> was assigned for this security regression. Note that this issue and CVE-ID is specific to the PCS packages as shipped with Red Hat Enterprise Linux and is not applicable to any upstream PCS version or PCS packages of any other vendor that are not directly based on Red Hat Enterprise Linux packages. For more information about the original flaw, refer to the CVE page or bug linked above.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
ClusterLabs pcs | =0.11.4-6.el9 | |
Redhat Enterprise Linux High Availability | =9.0 | |
Redhat Enterprise Linux High Availability Eus | =9.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-2319 is a vulnerability in the PCS package in Red Hat Enterprise Linux 9.2 that does not include the fix for the Webpack issue CVE-2023-28154.
CVE-2023-2319 has a severity rating of critical.
The PCS package version 0.11.4-6.el9 in Red Hat Enterprise Linux 9.2 is affected by CVE-2023-2319.
Yes, a fix for CVE-2023-2319 is available in the Red Hat Enterprise Linux 9.1 erratum RHSA-2023:1591.
You can find more information about CVE-2023-2319 on the Red Hat Security Advisory at https://access.redhat.com/security/cve/CVE-2023-28154.