Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Red Hat: RHSA-2019-1278 Important: Pacemaker DoS and Privilege Escalation

Calendar May 27, 2019 User Avatar LinuxSecurity Advisories
4 - 7 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory red hat local privilege escalation DoS important information disclosure pacemaker
An update for pacemaker is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: pacemaker security update
Advisory ID:       RHSA-2019:1278-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1278
Issue date:        2019-05-27
CVE Names:         CVE-2018-16877 CVE-2018-16878 CVE-2019-3885 
====================================================================
1. Summary:

An update for pacemaker is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server High Availability (v. 7) - ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Resilient Storage (v. 7) - ppc64le, s390x, x86_64

3. Description:

The Pacemaker cluster resource manager is a collection of technologies
working together to maintain data integrity and application availability in
the event of failures. 

Security Fix(es):

* pacemaker: Insufficient local IPC client-server authentication on the
client's side can lead to local privesc (CVE-2018-16877)

* pacemaker: Insufficient verification inflicted preference of uncontrolled
processes can lead to DoS (CVE-2018-16878)

* pacemaker: Information disclosure through use-after-free (CVE-2019-3885)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1652646 - CVE-2018-16877 pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc
1657962 - CVE-2018-16878 pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS
1694554 - CVE-2019-3885 pacemaker: Information disclosure through use-after-free

6. Package List:

Red Hat Enterprise Linux Server High Availability (v. 7):

Source:
pacemaker-1.1.19-8.el7_6.5.src.rpm

ppc64le:
pacemaker-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-cli-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-cluster-libs-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-cts-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-debuginfo-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-doc-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-libs-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-libs-devel-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-remote-1.1.19-8.el7_6.5.ppc64le.rpm

s390x:
pacemaker-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-cli-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-cluster-libs-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-cts-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-debuginfo-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-doc-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-libs-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-libs-devel-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-remote-1.1.19-8.el7_6.5.s390x.rpm

x86_64:
pacemaker-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-cli-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-cluster-libs-1.1.19-8.el7_6.5.i686.rpm
pacemaker-cluster-libs-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-cts-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-debuginfo-1.1.19-8.el7_6.5.i686.rpm
pacemaker-debuginfo-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-doc-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-libs-1.1.19-8.el7_6.5.i686.rpm
pacemaker-libs-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-libs-devel-1.1.19-8.el7_6.5.i686.rpm
pacemaker-libs-devel-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-remote-1.1.19-8.el7_6.5.x86_64.rpm

Red Hat Enterprise Linux Server Resilient Storage (v. 7):

Source:
pacemaker-1.1.19-8.el7_6.5.src.rpm

ppc64le:
pacemaker-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-cli-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-cluster-libs-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-cts-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-debuginfo-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-doc-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-libs-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-libs-devel-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5.ppc64le.rpm
pacemaker-remote-1.1.19-8.el7_6.5.ppc64le.rpm

s390x:
pacemaker-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-cli-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-cluster-libs-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-cts-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-debuginfo-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-doc-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-libs-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-libs-devel-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5.s390x.rpm
pacemaker-remote-1.1.19-8.el7_6.5.s390x.rpm

x86_64:
pacemaker-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-cli-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-cluster-libs-1.1.19-8.el7_6.5.i686.rpm
pacemaker-cluster-libs-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-cts-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-debuginfo-1.1.19-8.el7_6.5.i686.rpm
pacemaker-debuginfo-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-doc-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-libs-1.1.19-8.el7_6.5.i686.rpm
pacemaker-libs-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-libs-devel-1.1.19-8.el7_6.5.i686.rpm
pacemaker-libs-devel-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5.x86_64.rpm
pacemaker-remote-1.1.19-8.el7_6.5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2018-16877
https://access.redhat.com/security/cve/CVE-2018-16878
https://access.redhat.com/security/cve/CVE-2019-3885
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXOwJxdzjgjWX9erEAQhDJQ//UVDW61P2iUh8oY2eDj4RP0rkDayTCYWv
yT/hlQfOVwuNwEnDPhmhdpfauTskvi4DwJszOP/P+HUkN+u3jFXK/vcOOm0tSID/
fEyfTyUgQCzXAYjKiRTev/92cEd1CSP5eANoR+3yJCcZCWZ6WJds/3XVlYaB98FA
2AfePPrCry9wzSyvByVjAQKqEa+2CgvjyfXrxVUrAFr8JBINgXic5rZwwmHyloiS
gyl7glpvTRBJbXqZjgdUVaY9BpmRy5QR7Fvza07PLhaFtBkkjxGX+nHAgnpfylG+
dseisUoD8L0m93mD3KhpyLPODMf5yxNdNSuPRagCHB7t1LAsVMtz+fM8+l8YHmKZ
vwoSeX/5wiJ7tOcRCb7T78rQ2ezF+fV60Z2548FE9qrnnhR0x6mUBmuD5pXj9gwf
FQu524BrczM1gb78MWm0yXjeCklH5CQQ6SrpC0fFwmF9yk/MwOAkIFaI3cLuja2M
D959AyCCkhexdMF3CVjZaaKc206iSmRvsgj3Vy1O45ORL16YBhXgfCI2mXpMv8LR
A5OOS62KeakmQDRvDGfzrNjSZINU6uQKBgt5YgI1aidt3TGK0Iue8MvEAiv/R38S
GXPArISLl8xAKv7PUCKPSu9gphTC+r4HziaTJcQl/KbSTIj0jqbhXp36+D8x9Orz
uLwLcEzYvs4=kBIu
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.

Red Hat: RHSA-2019-1278 Important: Pacemaker DoS and Privilege Escalation

red hat
Calendar Grey May 27, 2019
Dist Redhat Esm H88
Oracle has issued a significant patch for the MySQL server on Oracle Linux 7, tackling severe vulnerabilities.
An update for pacemaker is now available for Red Hat Enterprise Linux 7

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures.
Security Fix(es):
* pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc (CVE-2018-16877)
* pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS (CVE-2018-16878)
* pacemaker: Information disclosure through use-after-free (CVE-2019-3885)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory red hat local privilege escalation DoS important information disclosure pacemaker

References

https://access.redhat.com/security/cve/CVE-2018-16877 https://access.redhat.com/security/cve/CVE-2018-16878 https://access.redhat.com/security/cve/CVE-2019-3885 https://access.redhat.com/security/updates/classification#important

Package List

Red Hat Enterprise Linux Server High Availability (v. 7):
Source: pacemaker-1.1.19-8.el7_6.5.src.rpm
ppc64le: pacemaker-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-cli-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-cluster-libs-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-cts-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-debuginfo-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-doc-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-libs-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-libs-devel-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5.ppc64le.rpm pacemaker-remote-1.1.19-8.el7_6.5.ppc64le.rpm
s390x: pacemaker-1.1.19-8.el7_6.5.s390x.rpm pacemaker-cli-1.1.19-8.el7_6.5.s390x.rpm pacemaker-cluster-libs-1.1.19-8.el7_6.5.s390x.rpm pacemaker-cts-1.1.19-8.el7_6.5.s390x.rpm pacemaker-debuginfo-1.1.19-8.el7_6.5.s390x.rpm pacemaker-doc-1.1.19-8.el7_6.5.s390x.rpm pacemaker-libs-1.1.19-8.el7_6.5.s390x.rpm pacemaker-libs-devel-1.1.19-8.el7_6.5.s390x.rpm pacemaker-nagios-plugins-metadata-1.1.19-8.el7_6.5.s390x.rpm pacemaker-remote-1.1.19-8.el7_6.5.s390x.rpm
x86_64: pacemaker-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-cli-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-cluster-libs-1.1.19-8.el7_6.5.i686.rpm pacemaker-cluster-libs-1.1.19-8.el7_6.5.x86_64.rpm pacemaker-cts-1.1.19-8.el7_6.5.x86_64.rpm

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2019:1278-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1278
Issue date: 2019-05-27

Topic

An update for pacemaker is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory red hat local privilege escalation DoS important information disclosure pacemaker

Relevant Releases Architectures

Red Hat Enterprise Linux Server High Availability (v. 7) - ppc64le, s390x, x86_64

Red Hat Enterprise Linux Server Resilient Storage (v. 7) - ppc64le, s390x, x86_64

Bugs Fixed

1652646 - CVE-2018-16877 pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc

1657962 - CVE-2018-16878 pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS

1694554 - CVE-2019-3885 pacemaker: Information disclosure through use-after-free

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here