Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS2-2019-1275
HistoryAug 23, 2019 - 3:37 a.m.

Important: pacemaker

2019-08-2303:37:00
alas.aws.amazon.com
15

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.014 Low

EPSS

Percentile

86.1%

JSON

Issue Overview:

A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS. (CVE-2018-16878)

A use-after-free flaw was found in pacemaker which could result in certain sensitive information to be leaked via the system logs. (CVE-2019-3885)

A flaw was found in the way pacemaker’s client-server authentication was implemented. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation. (CVE-2018-16877)

Affected Packages:

pacemaker

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update pacemaker to update your system.

New Packages:

aarch64:  
    pacemaker-1.1.20-5.amzn2.0.2.aarch64  
    pacemaker-cli-1.1.20-5.amzn2.0.2.aarch64  
    pacemaker-libs-1.1.20-5.amzn2.0.2.aarch64  
    pacemaker-cluster-libs-1.1.20-5.amzn2.0.2.aarch64  
    pacemaker-remote-1.1.20-5.amzn2.0.2.aarch64  
    pacemaker-libs-devel-1.1.20-5.amzn2.0.2.aarch64  
    pacemaker-cts-1.1.20-5.amzn2.0.2.aarch64  
    pacemaker-doc-1.1.20-5.amzn2.0.2.aarch64  
    pacemaker-nagios-plugins-metadata-1.1.20-5.amzn2.0.2.aarch64  
    pacemaker-debuginfo-1.1.20-5.amzn2.0.2.aarch64  
  
i686:  
    pacemaker-1.1.20-5.amzn2.0.2.i686  
    pacemaker-cli-1.1.20-5.amzn2.0.2.i686  
    pacemaker-libs-1.1.20-5.amzn2.0.2.i686  
    pacemaker-cluster-libs-1.1.20-5.amzn2.0.2.i686  
    pacemaker-remote-1.1.20-5.amzn2.0.2.i686  
    pacemaker-libs-devel-1.1.20-5.amzn2.0.2.i686  
    pacemaker-cts-1.1.20-5.amzn2.0.2.i686  
    pacemaker-doc-1.1.20-5.amzn2.0.2.i686  
    pacemaker-nagios-plugins-metadata-1.1.20-5.amzn2.0.2.i686  
    pacemaker-debuginfo-1.1.20-5.amzn2.0.2.i686  
  
src:  
    pacemaker-1.1.20-5.amzn2.0.2.src  
  
x86_64:  
    pacemaker-1.1.20-5.amzn2.0.2.x86_64  
    pacemaker-cli-1.1.20-5.amzn2.0.2.x86_64  
    pacemaker-libs-1.1.20-5.amzn2.0.2.x86_64  
    pacemaker-cluster-libs-1.1.20-5.amzn2.0.2.x86_64  
    pacemaker-remote-1.1.20-5.amzn2.0.2.x86_64  
    pacemaker-libs-devel-1.1.20-5.amzn2.0.2.x86_64  
    pacemaker-cts-1.1.20-5.amzn2.0.2.x86_64  
    pacemaker-doc-1.1.20-5.amzn2.0.2.x86_64  
    pacemaker-nagios-plugins-metadata-1.1.20-5.amzn2.0.2.x86_64  
    pacemaker-debuginfo-1.1.20-5.amzn2.0.2.x86_64

Additional References

Red Hat: CVE-2018-16877, CVE-2018-16878, CVE-2019-3885

Mitre: CVE-2018-16877, CVE-2018-16878, CVE-2019-3885

OSVersionArchitecturePackageVersionFilename
Amazon Linux2aarch64pacemaker< 1.1.20-5.amzn2.0.2pacemaker-1.1.20-5.amzn2.0.2.aarch64.rpm
Amazon Linux2aarch64pacemaker-cli< 1.1.20-5.amzn2.0.2pacemaker-cli-1.1.20-5.amzn2.0.2.aarch64.rpm
Amazon Linux2aarch64pacemaker-libs< 1.1.20-5.amzn2.0.2pacemaker-libs-1.1.20-5.amzn2.0.2.aarch64.rpm
Amazon Linux2aarch64pacemaker-cluster-libs< 1.1.20-5.amzn2.0.2pacemaker-cluster-libs-1.1.20-5.amzn2.0.2.aarch64.rpm
Amazon Linux2aarch64pacemaker-remote< 1.1.20-5.amzn2.0.2pacemaker-remote-1.1.20-5.amzn2.0.2.aarch64.rpm
Amazon Linux2aarch64pacemaker-libs-devel< 1.1.20-5.amzn2.0.2pacemaker-libs-devel-1.1.20-5.amzn2.0.2.aarch64.rpm
Amazon Linux2aarch64pacemaker-cts< 1.1.20-5.amzn2.0.2pacemaker-cts-1.1.20-5.amzn2.0.2.aarch64.rpm
Amazon Linux2aarch64pacemaker-doc< 1.1.20-5.amzn2.0.2pacemaker-doc-1.1.20-5.amzn2.0.2.aarch64.rpm
Amazon Linux2aarch64pacemaker-nagios-plugins-metadata< 1.1.20-5.amzn2.0.2pacemaker-nagios-plugins-metadata-1.1.20-5.amzn2.0.2.aarch64.rpm
Amazon Linux2aarch64pacemaker-debuginfo< 1.1.20-5.amzn2.0.2pacemaker-debuginfo-1.1.20-5.amzn2.0.2.aarch64.rpm
Rows per page:
1-10 of 301

Related

ibm 3
oraclelinux 1
fedora 3
nessus 16
suse 2
openvas 7
redhat 2
ubuntu 1
mageia 1
gentoo 1
osv 4
debian 1
ubuntucve 3
redhatcve 3
prion 3
veracode 3
cve 3
debiancve 3
ibm
ibm
Security Bulletin: IBM MQ Appliance is affected by Pacemaker vulnerabilities (CVE-2018-16878, CVE-2018-16877, CVE-2019-3885)
2020-12-18 18:18:11
Security Bulletin: IBM MQ is affected by multiple vulnerabilities in Pacemaker
2020-12-18 14:09:33
Security Bulletin: WebSphere Cast Iron and App Connect Professional are affected by vulnerabilities in Pacemaker, ImageMagick, gd-libgd, libxslt, cURL libcurl , Ghostscript.
2022-02-21 04:39:05
oraclelinux
oraclelinux
pacemaker security and bug fix update
2019-07-30 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: pacemaker-2.0.1-2.fc30
2019-04-23 23:44:10
[SECURITY] Fedora 29 Update: pacemaker-2.0.0-5.fc29
2019-05-05 02:44:11
[SECURITY] Fedora 28 Update: pacemaker-1.1.18-3.fc28
2019-05-04 01:17:47
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS : Pacemaker vulnerabilities (USN-3952-1)
2019-04-24 00:00:00
RHEL 8 : pacemaker (RHSA-2019:1279)
2019-05-28 00:00:00
RHEL 7 : pacemaker (RHSA-2019:1278)
2019-05-28 00:00:00
suse
suse
Security update for pacemaker (important)
2019-05-15 00:00:00
Security update for pacemaker (important)
2019-05-08 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3952-1)
2019-04-24 00:00:00
Fedora Update for pacemaker FEDORA-2019-e71f6f36ac
2019-05-04 00:00:00
Mageia: Security Advisory (MGASA-2019-0394)
2022-01-28 00:00:00
redhat
redhat
(RHSA-2019:1279) Important: pacemaker security and bug fix update
2019-05-27 15:45:19
(RHSA-2019:1278) Important: pacemaker security update
2019-05-27 15:45:15
ubuntu
ubuntu
Pacemaker vulnerabilities
2019-04-23 00:00:00
mageia
mageia
Updated pacemaker packages fix security vulnerabilities
2019-12-19 16:44:26
gentoo
gentoo
Pacemaker: Multiple Vulnerabilities
2023-09-29 00:00:00
osv
osv
pacemaker - security update
2021-01-06 00:00:00
CVE-2018-16878
2019-04-18 18:29:00
CVE-2018-16877
2019-04-18 18:29:00
debian
debian
[SECURITY] [DLA 2519-1] pacemaker security update
2021-01-06 22:25:21
ubuntucve
ubuntucve
CVE-2018-16878
2019-04-17 00:00:00
CVE-2018-16877
2019-04-17 00:00:00
CVE-2019-3885
2019-04-17 00:00:00
redhatcve
redhatcve
CVE-2018-16878
2019-04-17 10:20:11
CVE-2018-16877
2019-04-17 09:50:40
CVE-2019-3885
2019-04-17 10:20:39
prion
prion
Design/Logic Flaw
2019-04-18 18:29:00
Privilege escalation
2019-04-18 18:29:00
Design/Logic Flaw
2019-04-18 18:29:00
veracode
veracode
Denial Of Service (DoS)
2019-06-03 00:24:53
Privilege Escalation
2019-06-03 00:24:53
Information Disclosure
2019-06-03 00:24:53
cve
cve
CVE-2018-16878
2019-04-18 18:29:00
CVE-2018-16877
2019-04-18 18:29:00
CVE-2019-3885
2019-04-18 18:29:00
debiancve
debiancve
CVE-2018-16878
2019-04-18 18:29:00
CVE-2018-16877
2019-04-18 18:29:00
CVE-2019-3885
2019-04-18 18:29:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.014 Low

EPSS

Percentile

86.1%

JSON
Related for ALAS2-2019-1275
ibm3oraclelinux1fedora3nessus16suse2openvas7redhat2ubuntu1mageia1gentoo1osv4debian1ubuntucve3redhatcve3prion3veracode3cve3debiancve3