Описание
Security update for pacemaker
This update for pacemaker fixes the following issues:
Security issues fixed:
- CVE-2016-7797: Notify other clients of a new connection only if the handshake has completed (bsc#967388, bsc#1002767).
- CVE-2016-7035: Fixed improper IPC guarding in pacemaker (bsc#1007433).
Bug fixes:
- bsc#1003565: crmd: Record pending operations in the CIB before they are performed
- bsc#1000743: pengine: Do not fence a maintenance node if it shuts down cleanly
- bsc#987348: ping: Avoid temporary files for fping check
- bsc#986644: libcrmcommon: report errors consistently when waiting for data on connection
- bsc#986644: remote: Correctly calculate the remaining timeouts when receiving messages
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Список пакетов
openSUSE Leap 42.2
libpacemaker-devel-1.1.15-5.1
libpacemaker3-1.1.15-5.1
pacemaker-1.1.15-5.1
pacemaker-cli-1.1.15-5.1
pacemaker-cts-1.1.15-5.1
pacemaker-remote-1.1.15-5.1
Ссылки
- E-Mail link for openSUSE-SU-2016:2965-1
- SUSE Security Ratings
Описание
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.
Затронутые продукты
openSUSE Leap 42.2:libpacemaker-devel-1.1.15-5.1
openSUSE Leap 42.2:libpacemaker3-1.1.15-5.1
openSUSE Leap 42.2:pacemaker-1.1.15-5.1
openSUSE Leap 42.2:pacemaker-cli-1.1.15-5.1
Ссылки
- CVE-2016-7035
- SUSE Bug 1007433
Описание
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
Затронутые продукты
openSUSE Leap 42.2:libpacemaker-devel-1.1.15-5.1
openSUSE Leap 42.2:libpacemaker3-1.1.15-5.1
openSUSE Leap 42.2:pacemaker-1.1.15-5.1
openSUSE Leap 42.2:pacemaker-cli-1.1.15-5.1
Ссылки
- CVE-2016-7797
- SUSE Bug 1002767