Описание
Security update for pacemaker
This update for pacemaker fixes the following issues:
Security issues fixed:
- CVE-2016-7797: Notify other clients of a new connection only if the handshake has completed (bsc#967388, bsc#1002767).
- CVE-2016-7035: Fixed improper IPC guarding in pacemaker (bsc#1007433).
Bug fixes:
- bsc#1003565: crmd: Record pending operations in the CIB before they are performed
- bsc#1000743: pengine: Do not fence a maintenance node if it shuts down cleanly
- bsc#987348: ping: Avoid temporary files for fping check
- bsc#986644: libcrmcommon: report errors consistently when waiting for data on connection
- bsc#986644: remote: Correctly calculate the remaining timeouts when receiving messages
Список пакетов
SUSE Linux Enterprise High Availability Extension 12 SP2
libpacemaker3-1.1.15-21.1
pacemaker-1.1.15-21.1
pacemaker-cli-1.1.15-21.1
pacemaker-cts-1.1.15-21.1
pacemaker-remote-1.1.15-21.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libpacemaker-devel-1.1.15-21.1
pacemaker-cts-1.1.15-21.1
Ссылки
- Link for SUSE-SU-2016:2869-1
- E-Mail link for SUSE-SU-2016:2869-1
- SUSE Security Ratings
- SUSE Bug 1000743
- SUSE Bug 1002767
- SUSE Bug 1003565
- SUSE Bug 1007433
- SUSE Bug 967388
- SUSE Bug 986644
- SUSE Bug 987348
- SUSE CVE CVE-2016-7035 page
- SUSE CVE CVE-2016-7797 page
Описание
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.
Затронутые продукты
SUSE Linux Enterprise High Availability Extension 12 SP2:libpacemaker3-1.1.15-21.1
SUSE Linux Enterprise High Availability Extension 12 SP2:pacemaker-1.1.15-21.1
SUSE Linux Enterprise High Availability Extension 12 SP2:pacemaker-cli-1.1.15-21.1
SUSE Linux Enterprise High Availability Extension 12 SP2:pacemaker-cts-1.1.15-21.1
Ссылки
- CVE-2016-7035
- SUSE Bug 1007433
Описание
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
Затронутые продукты
SUSE Linux Enterprise High Availability Extension 12 SP2:libpacemaker3-1.1.15-21.1
SUSE Linux Enterprise High Availability Extension 12 SP2:pacemaker-1.1.15-21.1
SUSE Linux Enterprise High Availability Extension 12 SP2:pacemaker-cli-1.1.15-21.1
SUSE Linux Enterprise High Availability Extension 12 SP2:pacemaker-cts-1.1.15-21.1
Ссылки
- CVE-2016-7797
- SUSE Bug 1002767