Synopsis: Important: pacemaker security update
Advisory ID: SLSA-2019:1278-1
Issue Date: 2019-05-28
CVE Numbers: CVE-2018-16877
CVE-2018-16878
CVE-2019-3885
—
Security Fix(es):
* pacemaker: Insufficient local IPC client-server authentication on the
client’s side can lead to local privesc (CVE-2018-16877)
* pacemaker: Insufficient verification inflicted preference of uncontrolled
processes can lead to DoS (CVE-2018-16878)
* pacemaker: Information disclosure through use-after-free (CVE-2019-3885)
—
SL7
x86_64
pacemaker-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-cli-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-cluster-libs-1.1.19-8.el7_6.5.i686.rpm
pacemaker-cluster-libs-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-cts-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-debuginfo-1.1.19-8.el7_6.5.i686.rpm
pacemaker-debuginfo-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-doc-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-libs-1.1.19-8.el7_6.5.i686.rpm
pacemaker-libs-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-libs-devel-1.1.19-8.el7_6.5.i686.rpm
pacemaker-libs-devel-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-remote-1.1.19-8.el7_6.5.x86_64.rpm
– Scientific Linux Development Team
