Issued at: 2026-01-23
Updated at: 2026-01-28
Synopsis
Moderate: pcs security update
Description
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
* tornado: Tornado Quadratic DoS via Repeated Header Coalescing (CVE-2025-67725)
* tornado: Tornado Quadratic DoS via Crafted Multipart Parameters (CVE-2025-67726)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected products
Rocky Linux 8 aarch64
Rocky Linux 8 x86_64
Fixes
2421722
2421733
CVEs
CVE-2025-67725
CVE-2025-67726
Affected packages
Rocky Linux 8 aarch64 - ResilientStorage
pcs-0:0.10.18-2.el8_10.8.aarch64.rpm
pcs-0:0.10.18-2.el8_10.8.src.rpm
pcs-snmp-0:0.10.18-2.el8_10.8.aarch64.rpm
Rocky Linux 8 aarch64 - HighAvailability
pcs-0:0.10.18-2.el8_10.8.aarch64.rpm
pcs-0:0.10.18-2.el8_10.8.src.rpm
pcs-snmp-0:0.10.18-2.el8_10.8.aarch64.rpm
Rocky Linux 8 x86_64 - HighAvailability
pcs-0:0.10.18-2.el8_10.8.src.rpm
pcs-0:0.10.18-2.el8_10.8.x86_64.rpm
pcs-snmp-0:0.10.18-2.el8_10.8.x86_64.rpm
Rocky Linux 8 x86_64 - ResilientStorage
pcs-0:0.10.18-2.el8_10.8.src.rpm
pcs-0:0.10.18-2.el8_10.8.x86_64.rpm
pcs-snmp-0:0.10.18-2.el8_10.8.x86_64.rpm