Description
Security update for pacemaker
This update for pacemaker fixes the following issues:
Security issues fixed:
- CVE-2019-3885: Fixed an information disclosure in log output. (bsc#1131357)
- CVE-2018-16877: Fixed a local privilege escalation through insufficient IPC client-server authentication. (bsc#1131356)
- CVE-2018-16878: Fixed a denial of service through insufficient verification inflicted preference of uncontrolled processes. (bsc#1131353)
Non-security issue fixed:
- scheduler: Respect the order of constraints when relevant resources are being probed. (bsc#1117934, bsc#1128374)
Package list
SUSE Linux Enterprise High Availability Extension 12 SP4
libpacemaker3-1.1.19+20181105.ccd6b5b10-3.10.1
pacemaker-1.1.19+20181105.ccd6b5b10-3.10.1
pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.10.1
pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.10.1
pacemaker-remote-1.1.19+20181105.ccd6b5b10-3.10.1
SUSE Linux Enterprise Software Development Kit 12 SP4
libpacemaker-devel-1.1.19+20181105.ccd6b5b10-3.10.1
pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.10.1
References
- Link for SUSE-SU-2019:1047-1
- E-Mail link for SUSE-SU-2019:1047-1
- SUSE Security Ratings
- SUSE Bug 1117381
- SUSE Bug 1117934
- SUSE Bug 1128374
- SUSE Bug 1128772
- SUSE Bug 1131353
- SUSE Bug 1131356
- SUSE Bug 1131357
- SUSE CVE CVE-2018-16877 page
- SUSE CVE CVE-2018-16878 page
- SUSE CVE CVE-2019-3885 page
Description
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
Affected products
SUSE Linux Enterprise High Availability Extension 12 SP4:libpacemaker3-1.1.19+20181105.ccd6b5b10-3.10.1
SUSE Linux Enterprise High Availability Extension 12 SP4:pacemaker-1.1.19+20181105.ccd6b5b10-3.10.1
SUSE Linux Enterprise High Availability Extension 12 SP4:pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.10.1
SUSE Linux Enterprise High Availability Extension 12 SP4:pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.10.1
References
- CVE-2018-16877
- SUSE Bug 1131353
- SUSE Bug 1131356
Description
A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS.
Affected products
SUSE Linux Enterprise High Availability Extension 12 SP4:libpacemaker3-1.1.19+20181105.ccd6b5b10-3.10.1
SUSE Linux Enterprise High Availability Extension 12 SP4:pacemaker-1.1.19+20181105.ccd6b5b10-3.10.1
SUSE Linux Enterprise High Availability Extension 12 SP4:pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.10.1
SUSE Linux Enterprise High Availability Extension 12 SP4:pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.10.1
References
- CVE-2018-16878
- SUSE Bug 1131353
Description
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information being leaked via the system logs.
Affected products
SUSE Linux Enterprise High Availability Extension 12 SP4:libpacemaker3-1.1.19+20181105.ccd6b5b10-3.10.1
SUSE Linux Enterprise High Availability Extension 12 SP4:pacemaker-1.1.19+20181105.ccd6b5b10-3.10.1
SUSE Linux Enterprise High Availability Extension 12 SP4:pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.10.1
SUSE Linux Enterprise High Availability Extension 12 SP4:pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.10.1
References
- CVE-2019-3885
- SUSE Bug 1131357