Security update for pacemaker (important)

openSUSE Security Update: Security update for pacemaker Announcement ID: openSUSE-SU-2020:1782-1 Rating: important References: 1167171 1173668 1175557 1177916 Cross-References: CVE-2020-25654 Affected Products: openSUSE Leap 15.2 An update that solves one vulnerability and has three fixes is now...

OPENSUSE-SU-2020:1782-1 Security update for pacemaker

This update for pacemaker fixes the following issues: Update to 2.0.4: - based: use crmexit to free qb-logging - cibsecret: don't use pssh -q option unless supported - crmerror: use gfree for a proper match - crmmon: NULL output-pointer when buffer is freed - crmresource: avoid unnecessary issus...

SUSE-SU-2020:3094-1 Security update for pacemaker

This update for pacemaker fixes the following issues: - attrd: handle shutdown more cleanly bsc1173668 - executor: restrict certain IPC requests to Pacemaker daemons CVE-2020-25654, bsc1177916 - extra: quote shell variables in agent code where appropriate bsc1175557 - fencer: restrict certain IPC...

SUSE-SU-2020:3089-1 Security update for pacemaker

This update for pacemaker fixes the following issues: - attrd: handle shutdown more cleanly bsc1173668 - executor: restrict certain IPC requests to Pacemaker daemons CVE-2020-25654, bsc1177916 - extra: quote shell variables in agent code where appropriate bsc1175557 - fencer: restrict certain IPC...

SUSE-SU-2020:3086-1 Security update for pacemaker

This update for pacemaker fixes the following issues: - attrd: handle shutdown more cleanly bsc1173668 - executor: restrict certain IPC requests to Pacemaker daemons CVE-2020-25654, bsc1177916 - extra: quote shell variables in agent code where appropriate bsc1175557 - fencer: restrict certain IPC...

SUSE-SU-2020:3080-1 Security update for pacemaker

This update for pacemaker fixes the following issues: - attrd: handle shutdown more cleanly bsc1173668 - executor: restrict certain IPC requests to Pacemaker daemons CVE-2020-25654, bsc1177916 - extra: quote shell variables in agent code where appropriate bsc1175557 - fencer: restrict certain IPC...

SUSE-SU-2020:3073-1 Security update for pacemaker

This update for pacemaker fixes the following issues: - executor: restrict certain IPC requests to Pacemaker daemons CVE-2020-25654, bsc1177916 - extra: add vim modelines to agents - extra: quote shell variables in agent code where appropriate bsc1175557 - extra: remove trailing whitespace from...

SUSE-SU-2020:3054-1 Security update for pacemaker

This update for pacemaker fixes the following issues: Update to 2.0.4: - based: use crmexit to free qb-logging - cibsecret: don't use pssh -q option unless supported - crmerror: use gfree for a proper match - crmmon: NULL output-pointer when buffer is freed - crmresource: avoid unnecessary issus...

CVE-2020-25654

An ACL bypass flaw was found in Pacemaker. This flaw allows an attacker with a local account on the cluster and in the haclient group to use IPC communication with various daemons to directly perform certain tasks that would be prevented if they had gone through configured ACLs. The highest threa...

CVE-2020-25654

An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration...

UBUNTU-CVE-2020-25654

An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration...

Moderate: Red Hat Security Advisory: pcs security and bug fix update

An update for pcs is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: Red Hat Security Advisory: pcs security and bug fix update

An update for pcs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

The vulnerability of the Pacemaker resource management software for operating systems such as Ubuntu, Fedora, OpenSUSE Leap, Enterprise Linux, and Oracle Linux allows a perpetrator to increase their privileges.

The vulnerability of the Pacemaker resource management software for operating systems such as Ubuntu, Fedora, OpenSUSE Leap, Enterprise Linux, and Oracle Linux is related to insufficient authentication. Exploiting this vulnerability can allow attackers to increase their privileges...

SUSE-SU-2020:1072-1 Security update for pacemaker

This update for pacemaker fixes the following issues: - CVE-2018-16877: Fixed an issue with insufficient local IPC client-server authentication on the client's side bsc1131356. - CVE-2018-16878: Fixed a denial of service related to insufficient verification of uncontrolled processes bsc1131353...

The vulnerability of the Pacemaker resource manager in the operating system utility package for SUSE Linux Supportutils allows a hacker to re-record arbitrary files.

The vulnerability of the Pacemaker resource manager in the Oracle Enterprise Linux distribution is related to an incorrect definition of the link before accessing a file. Exploiting this vulnerability could allow an attacker to re-write any files they desire...

SUSE-SU-2020:0081-1 Security update for crowbar-core, crowbar-openstack, openstack-horizon-plugin-monasca-ui, openstack-monasca-api, openstack-monasca-log-api, openstack-neutron, rubygem-puma, rubygem-rest-client

This update for crowbar-core, crowbar-openstack, openstack-horizon-plugin-monasca-ui, openstack-monasca-api, openstack-monasca-log-api, openstack-neutron, rubygem-puma, rubygem-rest-client contains the following fixes: Security issue fixed for rubygem-puma: - CVE-2019-16770: Fixed a potential...

NewStart CGSL CORE 5.05 / MAIN 5.05 : pacemaker Multiple Vulnerabilities (NS-SA-2019-0258)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has pacemaker packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker coul...

PT-2020-6222 · Pacemaker +7 · Pacemaker +7

Name of the Vulnerable Software and Affected Versions: Pacemaker versions prior to 1.1.24-rc1 Pacemaker versions prior to 2.0.5-rc2 Description: The issue is related to an ACL bypass flaw in Pacemaker, which could allow an attacker with a local account on the cluster and in the haclient group to...

Updated pacemaker packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. CVE-2019-3885 A flaw was found in the way pacemaker's client-server authenticatio...