-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: pacemaker security update
Advisory ID:       RHSA-2019:1278-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1278
Issue date:        2019-05-27
CVE Names:         CVE-2018-16877 CVE-2018-16878 CVE-2019-3885 
====================================================================
1. Summary:

An update for pacemaker is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server High Availability (v. 7) - ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Resilient Storage (v. 7) - ppc64le, s390x, x86_64

3. Description:

The Pacemaker cluster resource manager is a collection of technologies
working together to maintain data integrity and application availability in
the event of failures. 

Security Fix(es):

* pacemaker: Insufficient local IPC client-server authentication on the
client's side can lead to local privesc (CVE-2018-16877)

* pacemaker: Insufficient verification inflicted preference of uncontrolled
processes can lead to DoS (CVE-2018-16878)

* pacemaker: Information disclosure through use-after-free (CVE-2019-3885)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1652646 - CVE-2018-16877 pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc
1657962 - CVE-2018-16878 pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS
1694554 - CVE-2019-3885 pacemaker: Information disclosure through use-after-free

6. Package List:

Red Hat Enterprise Linux Server High Availability (v. 7):

Source:
pacemaker-1.1.19-8.el7_6.5.src.rpm

ppc64le:
pacemaker-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-cli-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-cluster-libs-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-cts-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-debuginfo-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-doc-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-libs-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-libs-devel-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-remote-1.1.19-8.el7_6.5.ppc64le.rpm

s390x:
pacemaker-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-cli-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-cluster-libs-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-cts-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-debuginfo-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-doc-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-libs-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-libs-devel-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-remote-1.1.19-8.el7_6.5.s390x.rpm

x86_64:
pacemaker-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-cli-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-cluster-libs-1.1.19-8.el7_6.5.i686.rpm
pacemaker-cluster-libs-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-cts-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-debuginfo-1.1.19-8.el7_6.5.i686.rpm
pacemaker-debuginfo-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-doc-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-libs-1.1.19-8.el7_6.5.i686.rpm
pacemaker-libs-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-libs-devel-1.1.19-8.el7_6.5.i686.rpm
pacemaker-libs-devel-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-remote-1.1.19-8.el7_6.5.x86_64.rpm

Red Hat Enterprise Linux Server Resilient Storage (v. 7):

Source:
pacemaker-1.1.19-8.el7_6.5.src.rpm

ppc64le:
pacemaker-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-cli-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-cluster-libs-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-cts-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-debuginfo-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-doc-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-libs-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-libs-devel-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-remote-1.1.19-8.el7_6.5.ppc64le.rpm

s390x:
pacemaker-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-cli-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-cluster-libs-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-cts-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-debuginfo-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-doc-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-libs-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-libs-devel-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-remote-1.1.19-8.el7_6.5.s390x.rpm

x86_64:
pacemaker-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-cli-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-cluster-libs-1.1.19-8.el7_6.5.i686.rpm
pacemaker-cluster-libs-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-cts-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-debuginfo-1.1.19-8.el7_6.5.i686.rpm
pacemaker-debuginfo-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-doc-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-libs-1.1.19-8.el7_6.5.i686.rpm
pacemaker-libs-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-libs-devel-1.1.19-8.el7_6.5.i686.rpm
pacemaker-libs-devel-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-remote-1.1.19-8.el7_6.5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-16877
https://access.redhat.com/security/cve/CVE-2018-16878
https://access.redhat.com/security/cve/CVE-2019-3885
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXOwJxdzjgjWX9erEAQhDJQ//UVDW61P2iUh8oY2eDj4RP0rkDayTCYWv
yT/hlQfOVwuNwEnDPhmhdpfauTskvi4DwJszOP/P+HUkN+u3jFXK/vcOOm0tSID/
fEyfTyUgQCzXAYjKiRTev/92cEd1CSP5eANoR+3yJCcZCWZ6WJds/3XVlYaB98FA
2AfePPrCry9wzSyvByVjAQKqEa+2CgvjyfXrxVUrAFr8JBINgXic5rZwwmHyloiS
gyl7glpvTRBJbXqZjgdUVaY9BpmRy5QR7Fvza07PLhaFtBkkjxGX+nHAgnpfylG+
dseisUoD8L0m93mD3KhpyLPODMf5yxNdNSuPRagCHB7t1LAsVMtz+fM8+l8YHmKZ
vwoSeX/5wiJ7tOcRCb7T78rQ2ezF+fV60Z2548FE9qrnnhR0x6mUBmuD5pXj9gwf
FQu524BrczM1gb78MWm0yXjeCklH5CQQ6SrpC0fFwmF9yk/MwOAkIFaI3cLuja2M
D959AyCCkhexdMF3CVjZaaKc206iSmRvsgj3Vy1O45ORL16YBhXgfCI2mXpMv8LR
A5OOS62KeakmQDRvDGfzrNjSZINU6uQKBgt5YgI1aidt3TGK0Iue8MvEAiv/R38S
GXPArISLl8xAKv7PUCKPSu9gphTC+r4HziaTJcQl/KbSTIj0jqbhXp36+D8x9Orz
uLwLcEzYvs4=kBIu
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2019-1278:01 Important: pacemaker security update

An update for pacemaker is now available for Red Hat Enterprise Linux 7

Summary

The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures.
Security Fix(es):
* pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc (CVE-2018-16877)
* pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS (CVE-2018-16878)
* pacemaker: Information disclosure through use-after-free (CVE-2019-3885)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Summary

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2018-16877 https://access.redhat.com/security/cve/CVE-2018-16878 https://access.redhat.com/security/cve/CVE-2019-3885 https://access.redhat.com/security/updates/classification/#important

Package List

Red Hat Enterprise Linux Server High Availability (v. 7):
Source: pacemaker-1.1.19-8.el7_6.5.src.rpm
ppc64le: pacemaker-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-cli-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-cluster-libs-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-cts-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-debuginfo-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-doc-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-libs-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-libs-devel-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-remote-1.1.19-8.el7_6.5.ppc64le.rpm
s390x: pacemaker-1.1.19-8.el7_6.5.s390x.rpm pacemaker-cli-1.1.19-8.el7_6.5.s390x.rpm pacemaker-cluster-libs-1.1.19-8.el7_6.5.s390x.rpm pacemaker-cts-1.1.19-8.el7_6.5.s390x.rpm pacemaker-debuginfo-1.1.19-8.el7_6.5.s390x.rpm pacemaker-doc-1.1.19-8.el7_6.5.s390x.rpm pacemaker-libs-1.1.19-8.el7_6.5.s390x.rpm pacemaker-libs-devel-1.1.19-8.el7_6.5.s390x.rpm pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5.s390x.rpm pacemaker-remote-1.1.19-8.el7_6.5.s390x.rpm
x86_64: pacemaker-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-cli-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-cluster-libs-1.1.19-8.el7_6.5.i686.rpm pacemaker-cluster-libs-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-cts-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-debuginfo-1.1.19-8.el7_6.5.i686.rpm pacemaker-debuginfo-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-doc-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-libs-1.1.19-8.el7_6.5.i686.rpm pacemaker-libs-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-libs-devel-1.1.19-8.el7_6.5.i686.rpm pacemaker-libs-devel-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-remote-1.1.19-8.el7_6.5.x86_64.rpm
Red Hat Enterprise Linux Server Resilient Storage (v. 7):
Source: pacemaker-1.1.19-8.el7_6.5.src.rpm
ppc64le: pacemaker-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-cli-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-cluster-libs-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-cts-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-debuginfo-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-doc-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-libs-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-libs-devel-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-remote-1.1.19-8.el7_6.5.ppc64le.rpm
s390x: pacemaker-1.1.19-8.el7_6.5.s390x.rpm pacemaker-cli-1.1.19-8.el7_6.5.s390x.rpm pacemaker-cluster-libs-1.1.19-8.el7_6.5.s390x.rpm pacemaker-cts-1.1.19-8.el7_6.5.s390x.rpm pacemaker-debuginfo-1.1.19-8.el7_6.5.s390x.rpm pacemaker-doc-1.1.19-8.el7_6.5.s390x.rpm pacemaker-libs-1.1.19-8.el7_6.5.s390x.rpm pacemaker-libs-devel-1.1.19-8.el7_6.5.s390x.rpm pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5.s390x.rpm pacemaker-remote-1.1.19-8.el7_6.5.s390x.rpm
x86_64: pacemaker-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-cli-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-cluster-libs-1.1.19-8.el7_6.5.i686.rpm pacemaker-cluster-libs-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-cts-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-debuginfo-1.1.19-8.el7_6.5.i686.rpm pacemaker-debuginfo-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-doc-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-libs-1.1.19-8.el7_6.5.i686.rpm pacemaker-libs-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-libs-devel-1.1.19-8.el7_6.5.i686.rpm pacemaker-libs-devel-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-remote-1.1.19-8.el7_6.5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Severity

Advisory ID: RHSA-2019:1278-01

Product: Red Hat Enterprise Linux

Advisory URL: https://access.redhat.com/errata/RHSA-2019:1278

Issued Date: : 2019-05-27

CVE Names: CVE-2018-16877 CVE-2018-16878 CVE-2019-3885

Topic

An update for pacemaker is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.