Synopsis: Important: pcs security update Advisory ID: SLSA-2018:1060-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2018-1000119 CVE-2018-1079 CVE-2018-1086 -- Security Fix(es): * pcs: Privilege escalation via authorized user malicious REST call (CVE-2018-1079) * pcs: Debug parameter removal bypass, allowing information disclosure (CVE-2018-1086) * rack-protection: Timing attack in authenticity_token.rb (CVE-2018-1000119) -- SL7 x86_64 pcs-0.9.162-5.sl7_5.1.x86_64.rpm pcs-debuginfo-0.9.162-5.sl7_5.1.x86_64.rpm pcs-snmp-0.9.162-5.sl7_5.1.x86_64.rpm - Scientific Linux Development Team