Описание
Security update for pacemaker
This update for pacemaker fixes the following issues:
- attrd: handle shutdown more cleanly (bsc#1173668)
- executor: restrict certain IPC requests to Pacemaker daemons (CVE-2020-25654, bsc#1177916)
- extra: quote shell variables in agent code where appropriate (bsc#1175557)
- fencer: restrict certain IPC requests to privileged users (CVE-2020-25654, bsc#1177916)
- Fixes for %_libexecdir changing to /usr/libexec
- move bcond_with/without up front for e.g. pcmk_release
- pacemakerd: ignore shutdown requests from unprivileged users (CVE-2020-25654, bsc#1177916)
- resources: use ocf_is_true in SysInfo
- rpm: add spec option for enabling CIB secrets
- rpm: put user-configurable items at top of spec
- rpm: use the user/group ID 90 for haclient/hacluster to be consistent with cluster-glue (bsc#1167171)
Список пакетов
Image SLES15-SAP-Azure
libpacemaker3-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-cli-1.1.18+20180430.b12c320f5-3.27.1
Image SLES15-SAP-Azure-BYOS
libpacemaker3-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-cli-1.1.18+20180430.b12c320f5-3.27.1
Image SLES15-SAP-Azure-LI-BYOS-Production
libpacemaker3-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-cli-1.1.18+20180430.b12c320f5-3.27.1
Image SLES15-SAP-Azure-VLI-BYOS-Production
libpacemaker3-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-cli-1.1.18+20180430.b12c320f5-3.27.1
Image SLES15-SAP-EC2-HVM
libpacemaker3-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-cli-1.1.18+20180430.b12c320f5-3.27.1
Image SLES15-SAP-EC2-HVM-BYOS
libpacemaker3-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-cli-1.1.18+20180430.b12c320f5-3.27.1
Image SLES15-SAP-GCE
libpacemaker3-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-cli-1.1.18+20180430.b12c320f5-3.27.1
Image SLES15-SAP-GCE-BYOS
libpacemaker3-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-cli-1.1.18+20180430.b12c320f5-3.27.1
Image SLES15-SAP-OCI-BYOS
libpacemaker3-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-cli-1.1.18+20180430.b12c320f5-3.27.1
SUSE Linux Enterprise High Availability Extension 15
libpacemaker-devel-1.1.18+20180430.b12c320f5-3.27.1
libpacemaker3-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-cli-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-cts-1.1.18+20180430.b12c320f5-3.27.1
pacemaker-remote-1.1.18+20180430.b12c320f5-3.27.1
Ссылки
- Link for SUSE-SU-2020:3080-1
- E-Mail link for SUSE-SU-2020:3080-1
- SUSE Security Ratings
- SUSE Bug 1167171
- SUSE Bug 1173668
- SUSE Bug 1175557
- SUSE Bug 1177916
- SUSE CVE CVE-2020-25654 page
Описание
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
Затронутые продукты
Image SLES15-SAP-Azure-BYOS:libpacemaker3-1.1.18+20180430.b12c320f5-3.27.1
Image SLES15-SAP-Azure-BYOS:pacemaker-1.1.18+20180430.b12c320f5-3.27.1
Image SLES15-SAP-Azure-BYOS:pacemaker-cli-1.1.18+20180430.b12c320f5-3.27.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libpacemaker3-1.1.18+20180430.b12c320f5-3.27.1
Ссылки
- CVE-2020-25654
- SUSE Bug 1173668
- SUSE Bug 1177916
- SUSE Bug 1196165