MGASA-2019-0394 Updated pacemaker packages fix security vulnerabilities

The updated packages fix security vulnerabilities: A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. CVE-2019-3885 A flaw was found in the way pacemaker's client-server authenticatio...

NewStart CGSL CORE 5.04 / MAIN 5.04 : pacemaker Multiple Vulnerabilities (NS-SA-2019-0224)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pacemaker packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker coul...

CVE-2011-5271

Pacemaker before 1.1.6 configure script creates temporary files insecurely...

CVE-2011-5271

Pacemaker before 1.1.6 configure script creates temporary files insecurely...

DEBIAN-CVE-2011-5271

Pacemaker before 1.1.6 configure script creates temporary files insecurely...

Code injection

Pacemaker before 1.1.6 configure script creates temporary files insecurely...

CVE-2011-5271

Pacemaker before 1.1.6 configure script creates temporary files insecurely...

CVE-2011-5271

Pacemaker before 1.1.6 configure script creates temporary files insecurely...

CVE-2011-5271

Technical details are not publicly disclosed in the provided documents; no information on affected products, versions, root cause, or fix is included. Monitor for updates.

CVE-2011-5271

Pacemaker before 1.1.6 configure script creates temporary files insecurely...

Amazon Linux 2 : pacemaker (ALAS-2019-1275)

A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS. CVE-2018-16878 A use-after-free flaw was found in pacemaker which could result in certain sensitive information to be leaked via the system logs. CVE-2019-3885 A flaw was...

Important: pacemaker

Issue Overview: A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS. CVE-2018-16878 A use-after-free flaw was found in pacemaker which could result in certain sensitive information to be leaked via the system logs. CVE-2019-38...

The vulnerability of the Pacemaker resource management software for operating systems based on Ubuntu, Fedora, and OpenSUSE Leap lies in its uncontrolled resource consumption, which allows a malicious actor to cause service interruptions.

The vulnerability of the Pacemaker resource management software for operating systems based on Ubuntu, Fedora, and OpenSUSE Leap involves an uncontrolled consumption of resources. Exploiting this vulnerability can allow a hacker to cause service interruptions...

Oracle Linux 8 : pacemaker (ELSA-2019-1279)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1279 advisory. - Improve clients' authentication of IPC servers CVE-2018-16877 - Fix use-after-free with potential information disclosure CVE-2019-3885 - Improve...

pacemaker security and bug fix update

2.0.1-4.3 - New build with fixed test in gating.yaml - Resolves: rhbz1694557 - Resolves: rhbz1695247 - Resolves: rhbz1697264 - Resolves: rhbz1697265 2.0.1-4.2 - New build to apply z-stream tag - Resolves: rhbz1694557 - Resolves: rhbz1695247 - Resolves: rhbz1697264 - Resolves: rhbz1697265 2.0.1-4....

Denial Of Service (DoS)

pacemaker is vulnerable to denial of service attacks. Local unauthenticated user can cause a system hang due to insufficient verification inflicted preference of uncontrolled processes...

Information Disclosure

pacemaker is vulnerable to information disclosure. A use-after-free defect was discovered in pacemaker that can possibly lead to unsolicited information disclosure in the log outputs...

Privilege Escalation

pacemaker is vulnerable to privilege escalation. Insufficient verification of client-side authentication combined with other IPC weaknesses leads to local privilege escalation...

Scientific Linux Security Update : pacemaker on SL7.x x86_64 (20190528)

Security Fixes : - pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc CVE-2018-16877 - pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS CVE-2018-16878 - pacemaker: Information disclosure...

RHEL 7 : pacemaker (RHSA-2019:1278)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1278 advisory. The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application...