Oracle Linux 8 : pacemaker (ELSA-2019-1279)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1279 advisory. - Improve clients' authentication of IPC servers CVE-2018-16877 - Fix use-after-free with potential information disclosure CVE-2019-3885 - Improve...

pacemaker security and bug fix update

2.0.1-4.3 - New build with fixed test in gating.yaml - Resolves: rhbz1694557 - Resolves: rhbz1695247 - Resolves: rhbz1697264 - Resolves: rhbz1697265 2.0.1-4.2 - New build to apply z-stream tag - Resolves: rhbz1694557 - Resolves: rhbz1695247 - Resolves: rhbz1697264 - Resolves: rhbz1697265 2.0.1-4....

Information Disclosure

pacemaker is vulnerable to information disclosure. A use-after-free defect was discovered in pacemaker that can possibly lead to unsolicited information disclosure in the log outputs...

Privilege Escalation

pacemaker is vulnerable to privilege escalation. Insufficient verification of client-side authentication combined with other IPC weaknesses leads to local privilege escalation...

Denial Of Service (DoS)

pacemaker is vulnerable to denial of service attacks. Local unauthenticated user can cause a system hang due to insufficient verification inflicted preference of uncontrolled processes...

Scientific Linux Security Update : pacemaker on SL7.x x86_64 (20190528)

Security Fixes : - pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc CVE-2018-16877 - pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS CVE-2018-16878 - pacemaker: Information disclosure...

RHEL 7 : pacemaker (RHSA-2019:1278)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1278 advisory. The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application...

RHEL 8 : pacemaker (RHSA-2019:1279)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1279 advisory. The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application...

pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc

A flaw was found in the way pacemaker's client-server authentication was implemented. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation...

pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS

A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS...

pacemaker: Information disclosure through use-after-free

A use-after-free flaw was found in pacemaker which could result in certain sensitive information to be leaked via the system logs...

Important: Red Hat Security Advisory: pacemaker security update

An update for pacemaker is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc

A flaw was found in the way pacemaker's client-server authentication was implemented. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation...

pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS

A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS...

pacemaker: Information disclosure through use-after-free

A use-after-free flaw was found in pacemaker which could result in certain sensitive information to be leaked via the system logs...

Important: Red Hat Security Advisory: pacemaker security and bug fix update

An update for pacemaker is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

openSUSE Security Update : pacemaker (openSUSE-2019-1400)

This update for pacemaker fixes the following issues : Security issues fixed : - CVE-2019-3885: Fixed an information disclosure in log output. bsc1131357 - CVE-2018-16877: Fixed a local privilege escalation through insufficient IPC client-server authentication. bsc1131356 - CVE-2018-16878: Fixed ...

openSUSE: Security Advisory for pacemaker (openSUSE-SU-2019:1400-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2019:1400-1 Security update for pacemaker

This update for pacemaker fixes the following issues: Security issues fixed: - CVE-2019-3885: Fixed an information disclosure in log output. bsc1131357 - CVE-2018-16877: Fixed a local privilege escalation through insufficient IPC client-server authentication. bsc1131356 - CVE-2018-16878: Fixed a...

Security update for pacemaker (important)

openSUSE Security Update: Security update for pacemaker Announcement ID: openSUSE-SU-2019:1400-1 Rating: important References: 1117381 1131353 1131356 1131357 Cross-References: CVE-2018-16877 CVE-2018-16878 CVE-2019-3885 Affected Products: openSUSE Leap 15.0 An update that solves three...