Description
Security update for pacemaker
This update for pacemaker fixes the following issues:
Security issues fixed:
- CVE-2019-3885: Fixed an information disclosure in log output. (bsc#1131357)
- CVE-2018-16877: Fixed a local privilege escalation through insufficient IPC client-server authentication. (bsc#1131356)
- CVE-2018-16878: Fixed a denial of service through insufficient verification inflicted preference of uncontrolled processes. (bsc#1131353)
Non-security issue fixed:
- crmd: delete resource from lrmd when appropriate to avoid timeouts with crmsh (bsc#1117381).
This update was imported from the SUSE:SLE-15:Update update project.
Package list
openSUSE Leap 15.0
References
- E-Mail link for openSUSE-SU-2019:1400-1
- SUSE Security Ratings
- SUSE Bug 1117381
- SUSE Bug 1131353
- SUSE Bug 1131356
- SUSE Bug 1131357
- SUSE CVE CVE-2018-16877 page
- SUSE CVE CVE-2018-16878 page
- SUSE CVE CVE-2019-3885 page
Description
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
Affected products
References
- CVE-2018-16877
- SUSE Bug 1131353
- SUSE Bug 1131356
Description
A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS.
Affected products
References
- CVE-2018-16878
- SUSE Bug 1131353
Description
A use-after-free flaw was found in pacemaker up to and including version 2.0.1, which could result in certain sensitive information being leaked via the system logs.
Affected products
References
- CVE-2019-3885
- SUSE Bug 1131357