Описание
Security update for pacemaker
This update for pacemaker fixes the following issues:
Security issues fixed:
- CVE-2018-16877: Fixed a local privilege escalation through insufficient IPC client-server authentication. (bsc#1131356)
- CVE-2018-16878: Fixed a denial of service through insufficient verification inflicted preference of uncontrolled processes. (bsc#1131353)
This update was imported from the SUSE:SLE-12-SP3:Update update project.
Список пакетов
openSUSE Leap 42.3
libpacemaker-devel-1.1.16-4.12.1
libpacemaker3-1.1.16-4.12.1
pacemaker-1.1.16-4.12.1
pacemaker-cli-1.1.16-4.12.1
pacemaker-cts-1.1.16-4.12.1
pacemaker-remote-1.1.16-4.12.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1342-1
- SUSE Security Ratings
Описание
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
Затронутые продукты
openSUSE Leap 42.3:libpacemaker-devel-1.1.16-4.12.1
openSUSE Leap 42.3:libpacemaker3-1.1.16-4.12.1
openSUSE Leap 42.3:pacemaker-1.1.16-4.12.1
openSUSE Leap 42.3:pacemaker-cli-1.1.16-4.12.1
Ссылки
- CVE-2018-16877
- SUSE Bug 1131353
- SUSE Bug 1131356
Описание
A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS
Затронутые продукты
openSUSE Leap 42.3:libpacemaker-devel-1.1.16-4.12.1
openSUSE Leap 42.3:libpacemaker3-1.1.16-4.12.1
openSUSE Leap 42.3:pacemaker-1.1.16-4.12.1
openSUSE Leap 42.3:pacemaker-cli-1.1.16-4.12.1
Ссылки
- CVE-2018-16878
- SUSE Bug 1131353