USN-7614-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-7614-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7614-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-7614-1
Upstream
Related
Published
2025-07-02T08:20:20.993424Z
Modified
2025-07-16T07:48:23.874085Z
Summary
pcs vulnerabilities
Details

Cedric Buissart discovered that pcs did not correctly handle certain parameters. An attacker could possibly use this issue to leak sensitive information or elevate their privileges. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-1086)

Ondrej Mular discovered that pcs did not correctly handle Unix socket permissions. An attacker could possibly use this issue to elevate their privileges. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2735)

It was discovered that pcs did not correctly handle PAM authentication. An attacker could possibly use this issue to bypass authentication mechanisms. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1049)

It was discovered that pcs did not correctly handle the validation of Node names. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-2661)

References

Affected packages

Ubuntu:Pro:16.04:LTS / pcs

Package

Name
pcs
Purl
pkg:deb/ubuntu/pcs@0.9.149-1ubuntu1.1+esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.149-1ubuntu1.1+esm1

Affected versions

0.*

0.9.149-1
0.9.149-1ubuntu1
0.9.149-1ubuntu1.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "pcs",
            "binary_version": "0.9.149-1ubuntu1.1+esm1"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}

Ubuntu:Pro:20.04:LTS / pcs

Package

Name
pcs
Purl
pkg:deb/ubuntu/pcs@0.10.4-3ubuntu0.1~esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.10.4-3ubuntu0.1~esm1

Affected versions

0.*

0.10.2-1
0.10.4-2
0.10.4-2ubuntu1
0.10.4-3

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "pcs",
            "binary_version": "0.10.4-3ubuntu0.1~esm1"
        },
        {
            "binary_name": "pcs-snmp",
            "binary_version": "0.10.4-3ubuntu0.1~esm1"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}

Ubuntu:Pro:22.04:LTS / pcs

Package

Name
pcs
Purl
pkg:deb/ubuntu/pcs@0.10.11-2ubuntu3+esm1?arch=source&distro=esm-apps/jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.10.11-2ubuntu3+esm1

Affected versions

0.*

0.10.8-1ubuntu1
0.10.11-2ubuntu2
0.10.11-2ubuntu3

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "pcs",
            "binary_version": "0.10.11-2ubuntu3+esm1"
        },
        {
            "binary_name": "pcs-snmp",
            "binary_version": "0.10.11-2ubuntu3+esm1"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}