USN-7614-1

Advisory lineage Upstream: 8 Downstream: 0

Upstream

CVE-2017-2661 CVE-2018-1086 CVE-2022-1049 CVE-2022-2735 UBUNTU-CVE-2017-2661 UBUNTU-CVE-2018-1086

Published: 02 Jul 2025, 08:20

Last modified:20 May 2026, 16:03

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

02 Jul 2025, 08:20

Published

Vulnerability first disclosed

20 May 2026, 16:03

Last Modified

Vulnerability information updated

Description

pcs vulnerabilities Cedric Buissart discovered that pcs did not correctly handle certain parameters. An attacker could possibly use this issue to leak sensitive information or elevate their privileges. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-1086) Ondrej Mular discovered that pcs did not correctly handle Unix socket permissions. An attacker could possibly use this issue to elevate their privileges. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2735) It was discovered that pcs did not correctly handle PAM authentication. An attacker could possibly use this issue to bypass authentication mechanisms. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1049) It was discovered that pcs did not correctly handle the validation of Node names. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-2661)

Affected Systems

ubuntu•pcs
< 0.9.149-1ubuntu1.1+esm1 | < 0.10.4-3ubuntu0.1~esm1 | < 0.10.11-2ubuntu3+esm1

USN-7614-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (5)