Описание
Security update for pacemaker
This update for pacemaker fixes the following issues:
- attrd: handle shutdown more cleanly (bsc#1173668)
- executor: restrict certain IPC requests to Pacemaker daemons (CVE-2020-25654, bsc#1177916)
- extra: quote shell variables in agent code where appropriate (bsc#1175557)
- fencer: restrict certain IPC requests to privileged users (CVE-2020-25654, bsc#1177916)
- Fixes for %_libexecdir changing to /usr/libexec
- pacemakerd: ignore shutdown requests from unprivileged users (CVE-2020-25654, bsc#1177916)
- resources: use ocf_is_true in SysInfo
- rpm: use the user/group ID 90 for haclient/hacluster to be consistent with cluster-glue (bsc#1167171)
Список пакетов
Image SLES12-SP4-SAP-Azure
libpacemaker3-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.22.1
Image SLES12-SP4-SAP-Azure-BYOS
libpacemaker3-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.22.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
libpacemaker3-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.22.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
libpacemaker3-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.22.1
Image SLES12-SP4-SAP-EC2-HVM
libpacemaker3-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.22.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
libpacemaker3-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.22.1
Image SLES12-SP4-SAP-GCE
libpacemaker3-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.22.1
Image SLES12-SP4-SAP-GCE-BYOS
libpacemaker3-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.22.1
Image SLES12-SP4-SAP-OCI-BYOS
libpacemaker3-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.22.1
SUSE Linux Enterprise High Availability Extension 12 SP4
libpacemaker3-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.22.1
pacemaker-remote-1.1.19+20181105.ccd6b5b10-3.22.1
Ссылки
- Link for SUSE-SU-2020:3089-1
- E-Mail link for SUSE-SU-2020:3089-1
- SUSE Security Ratings
- SUSE Bug 1167171
- SUSE Bug 1173668
- SUSE Bug 1175557
- SUSE Bug 1177916
- SUSE CVE CVE-2020-25654 page
Описание
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
Затронутые продукты
Image SLES12-SP4-SAP-Azure-BYOS:libpacemaker3-1.1.19+20181105.ccd6b5b10-3.22.1
Image SLES12-SP4-SAP-Azure-BYOS:pacemaker-1.1.19+20181105.ccd6b5b10-3.22.1
Image SLES12-SP4-SAP-Azure-BYOS:pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.22.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libpacemaker3-1.1.19+20181105.ccd6b5b10-3.22.1
Ссылки
- CVE-2020-25654
- SUSE Bug 1173668
- SUSE Bug 1177916
- SUSE Bug 1196165