Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:1108-1

Опубликовано: 30 апр. 2019
Источник: suse-cvrf

Описание

Security update for pacemaker

This update for pacemaker fixes the following issues:

Security issues fixed:

  • CVE-2018-16877: Fixed a local privilege escalation through insufficient IPC client-server authentication. (bsc#1131356)
  • CVE-2018-16878: Fixed a denial of service through insufficient verification inflicted preference of uncontrolled processes. (bsc#1131353)

Список пакетов

SUSE Linux Enterprise High Availability Extension 12 SP3
libpacemaker3-1.1.16-6.14.1
pacemaker-1.1.16-6.14.1
pacemaker-cli-1.1.16-6.14.1
pacemaker-cts-1.1.16-6.14.1
pacemaker-remote-1.1.16-6.14.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libpacemaker-devel-1.1.16-6.14.1
pacemaker-cts-1.1.16-6.14.1

Ссылки

Описание

A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 12 SP3:libpacemaker3-1.1.16-6.14.1
SUSE Linux Enterprise High Availability Extension 12 SP3:pacemaker-1.1.16-6.14.1
SUSE Linux Enterprise High Availability Extension 12 SP3:pacemaker-cli-1.1.16-6.14.1
SUSE Linux Enterprise High Availability Extension 12 SP3:pacemaker-cts-1.1.16-6.14.1
Ссылки

Описание

A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS

Затронутые продукты
SUSE Linux Enterprise High Availability Extension 12 SP3:libpacemaker3-1.1.16-6.14.1
SUSE Linux Enterprise High Availability Extension 12 SP3:pacemaker-1.1.16-6.14.1
SUSE Linux Enterprise High Availability Extension 12 SP3:pacemaker-cli-1.1.16-6.14.1
SUSE Linux Enterprise High Availability Extension 12 SP3:pacemaker-cts-1.1.16-6.14.1
Ссылки