Synopsis: Important: pacemaker security update
Advisory ID: SLSA-2016:2675-1
Issue Date: 2016-11-08
CVE Numbers: CVE-2016-7035
—
Security Fix(es):
* An authorization flaw was found in Pacemaker, where it did not properly
guard its IPC interface. An attacker with an unprivileged account on a
Pacemaker node could use this flaw to, for example, force the Local
Resource Manager daemon to execute a script as root and thereby gain root
access on the machine. (CVE-2016-7035)
This issue was discovered by Jan “poki” Pokorny (Red Hat) and Alain Moulle
(ATOS/BULL).
—
SL6
x86_64
pacemaker-1.1.14-8.el6_8.2.x86_64.rpm
pacemaker-cli-1.1.14-8.el6_8.2.x86_64.rpm
pacemaker-cluster-libs-1.1.14-8.el6_8.2.i686.rpm
pacemaker-cluster-libs-1.1.14-8.el6_8.2.x86_64.rpm
pacemaker-cts-1.1.14-8.el6_8.2.x86_64.rpm
pacemaker-debuginfo-1.1.14-8.el6_8.2.i686.rpm
pacemaker-debuginfo-1.1.14-8.el6_8.2.x86_64.rpm
pacemaker-doc-1.1.14-8.el6_8.2.x86_64.rpm
pacemaker-libs-1.1.14-8.el6_8.2.i686.rpm
pacemaker-libs-1.1.14-8.el6_8.2.x86_64.rpm
pacemaker-libs-devel-1.1.14-8.el6_8.2.i686.rpm
pacemaker-libs-devel-1.1.14-8.el6_8.2.x86_64.rpm
pacemaker-remote-1.1.14-8.el6_8.2.x86_64.rpm
i386
pacemaker-1.1.14-8.el6_8.2.i686.rpm
pacemaker-cli-1.1.14-8.el6_8.2.i686.rpm
pacemaker-cluster-libs-1.1.14-8.el6_8.2.i686.rpm
pacemaker-cts-1.1.14-8.el6_8.2.i686.rpm
pacemaker-debuginfo-1.1.14-8.el6_8.2.i686.rpm
pacemaker-doc-1.1.14-8.el6_8.2.i686.rpm
pacemaker-libs-1.1.14-8.el6_8.2.i686.rpm
pacemaker-libs-devel-1.1.14-8.el6_8.2.i686.rpm
pacemaker-remote-1.1.14-8.el6_8.2.i686.rpm
– Scientific Linux Development Team
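
A way to check a node against the package list above, as an added example that is not part of the original advisory: it flags installed packages from this advisory that are older than 1.1.14-8.el6_8.2. It assumes input in the format produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n'` and that the packages carry no epoch; the sample lines and the simplified version comparison are constructed for illustration.

```python
import re

# Fixed build named in this advisory: 1.1.14-8.el6_8.2
FIXED_VERSION, FIXED_RELEASE = "1.1.14", "8.el6_8.2"
ADVISORY_PACKAGES = {
    "pacemaker", "pacemaker-cli", "pacemaker-cluster-libs", "pacemaker-cts",
    "pacemaker-debuginfo", "pacemaker-doc", "pacemaker-libs",
    "pacemaker-libs-devel", "pacemaker-remote",
}

def rpmvercmp(a, b):
    """Simplified rpm version ordering (no tilde/caret rules): -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # more segments wins

def needs_update(rpm_output):
    """Return installed advisory packages older than the fixed build."""
    stale = []
    for line in rpm_output.strip().splitlines():
        name, version, release, arch = line.split()
        if name not in ADVISORY_PACKAGES:
            continue  # not covered by this advisory
        order = (rpmvercmp(version, FIXED_VERSION)
                 or rpmvercmp(release, FIXED_RELEASE))
        if order < 0:
            stale.append("%s-%s-%s.%s" % (name, version, release, arch))
    return stale

# Constructed sample input (assumed query output, not taken from a real host)
SAMPLE = """\
pacemaker 1.1.14 8.el6 x86_64
pacemaker-libs 1.1.14 8.el6_8.2 x86_64
pacemaker-cli 1.1.12 8.el6_7.2 x86_64
pacemaker-cluster-libs 1.1.15 1.el6 x86_64
corosync 1.4.7 5.el6 x86_64
"""

if __name__ == "__main__":
    for pkg in needs_update(SAMPLE):
        print("needs update:", pkg)
```
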