Description
Security update for pacemaker
This update for pacemaker fixes the following issues:
Security issues fixed:
- CVE-2018-16877: Fixed insufficient local IPC client-server authentication on the client's side. (bsc#1131356)
- CVE-2018-16878: Fixed insufficient verification inflicted preference of uncontrolled processes (bsc#1131353)
Other issues fixed:
- stonith_admin --help: specify the usage of --cleanup (bsc#1135317)
- scheduler: wait for probe actions to complete to prevent unnecessary restart/re-promote of dependent resources (bsc#1130122, bsc#1032511)
- controller: confirm cancel of failed monitors (bsc#1133866)
- controller: improve failed recurring action messages (bsc#1133866)
- controller: directly acknowledge unrecordable operation results (bsc#1133866)
- controller: be more tolerant of malformed executor events (bsc#1133866)
- libcrmcommon: return error when applying XML diffs containing unknown operations (bsc#1127716)
- libcrmcommon: avoid possible use-of-NULL when applying XML diffs (bsc#1127716)
- libcrmcommon: correctly apply XML diffs with multiple move/create changes (bsc#1127716)
- libcrmcommon: return proper code if testing pid is denied (bsc#1131353, bsc#1131356)
- libcrmcommon: avoid use-of-NULL when checking whether process is active (bsc#1131353, bsc#1131356)
- tools: run main loop for crm_resource clean-up with resource (bsc#1140519)
- controller,scheduler: guard hash table deletes (bsc#1136712)
Package list
SUSE Linux Enterprise High Availability Extension 12 SP4
libpacemaker3-1.1.19+20181105.ccd6b5b10-3.13.1
pacemaker-1.1.19+20181105.ccd6b5b10-3.13.1
pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.13.1
pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.13.1
pacemaker-remote-1.1.19+20181105.ccd6b5b10-3.13.1
SUSE Linux Enterprise Software Development Kit 12 SP4
libpacemaker-devel-1.1.19+20181105.ccd6b5b10-3.13.1
pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.13.1
References
- Link for SUSE-SU-2019:2268-1
- E-Mail link for SUSE-SU-2019:2268-1
- SUSE Security Ratings
- SUSE Bug 1032511
- SUSE Bug 1127716
- SUSE Bug 1130122
- SUSE Bug 1131353
- SUSE Bug 1131356
- SUSE Bug 1133866
- SUSE Bug 1135317
- SUSE Bug 1136712
- SUSE Bug 1140519
- SUSE CVE CVE-2018-16877 page
- SUSE CVE CVE-2018-16878 page
Description
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
Affected products
SUSE Linux Enterprise High Availability Extension 12 SP4:libpacemaker3-1.1.19+20181105.ccd6b5b10-3.13.1
SUSE Linux Enterprise High Availability Extension 12 SP4:pacemaker-1.1.19+20181105.ccd6b5b10-3.13.1
SUSE Linux Enterprise High Availability Extension 12 SP4:pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.13.1
SUSE Linux Enterprise High Availability Extension 12 SP4:pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.13.1
References
- CVE-2018-16877
- SUSE Bug 1131353
- SUSE Bug 1131356
Description
A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS.
Affected products
SUSE Linux Enterprise High Availability Extension 12 SP4:libpacemaker3-1.1.19+20181105.ccd6b5b10-3.13.1
SUSE Linux Enterprise High Availability Extension 12 SP4:pacemaker-1.1.19+20181105.ccd6b5b10-3.13.1
SUSE Linux Enterprise High Availability Extension 12 SP4:pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.13.1
SUSE Linux Enterprise High Availability Extension 12 SP4:pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.13.1
References
- CVE-2018-16878
- SUSE Bug 1131353