Mageia 7 MGASA-2019-0394: Update for Pacemaker Fixes Various Security Flaws

December 19, 2019
Various software updates have been released for pacemaker to address critical security flaws, such as local privilege escalation vulnerabilities and sensitive data exposure risks.

Summary

The updated packages fix security vulnerabilities:
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information being leaked via the system logs. (CVE-2019-3885)
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation. (CVE-2018-16877)
A flaw was found in pacemaker up to and including version 2.0.1. Insufficient verification causes uncontrolled processes to be preferred, which can lead to DoS. (CVE-2018-16878)

References

- https://bugs.mageia.org/show_bug.cgi?id=24691

- https://www.openwall.com/lists/oss-security/2019/04/17/1

- https://www.openwall.com/lists/oss-security/2019/04/18/2

- http://lists.suse.com/pipermail/sle-security-updates/2019-April/005369.html

- https://access.redhat.com/errata/RHSA-2019:1278

- https://ubuntu.com/security/notices/USN-3952-1

- https://www.cve.org/CVERecord?id=CVE-2019-3885

- https://www.cve.org/CVERecord?id=CVE-2018-16877

- https://www.cve.org/CVERecord?id=CVE-2018-16878

Resolution

SRPMS

- 7/core/pacemaker-1.1.19-2.1.mga7

Severity
critical

Publication date: 19 Dec 2019
URL: https://advisories.mageia.org/MGASA-2019-0394.html
Type: security
CVE: CVE-2019-3885, CVE-2018-16877, CVE-2018-16878
