Scientific Linux: SLSA-2016:2675-1 Important Pacemaker Security Update

Date: Tue, 8 Nov 2016 21:20:09 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Connie Sieh 
Subject: Security ERRATA Important: pacemaker on SL6.x i386/x86_64
MIME-Version: 1.0
Message-ID: <20161108212009.17059.40046@slpackages.fnal.gov>

Synopsis: Important: pacemaker security update
Advisory ID: SLSA-2016:2675-1
Issue Date: 2016-11-08
CVE Numbers: CVE-2016-7035
--

Security Fix(es):

* An authorization flaw was found in Pacemaker, where it did not properly
guard its IPC interface. An attacker with an unprivileged account on a
Pacemaker node could use this flaw to, for example, force the Local
Resource Manager daemon to execute a script as root and thereby gain root
access on the machine. (CVE-2016-7035)

This issue was discovered by Jan "poki" Pokorny (Red Hat) and Alain Moulle
(ATOS/BULL).
--

SL6
 x86_64
 pacemaker-1.1.14-8.el6_8.2.x86_64.rpm
 pacemaker-cli-1.1.14-8.el6_8.2.x86_64.rpm
 pacemaker-cluster-libs-1.1.14-8.el6_8.2.i686.rpm
 pacemaker-cluster-libs-1.1.14-8.el6_8.2.x86_64.rpm
 pacemaker-cts-1.1.14-8.el6_8.2.x86_64.rpm
 pacemaker-debuginfo-1.1.14-8.el6_8.2.i686.rpm
 pacemaker-debuginfo-1.1.14-8.el6_8.2.x86_64.rpm
 pacemaker-doc-1.1.14-8.el6_8.2.x86_64.rpm
 pacemaker-libs-1.1.14-8.el6_8.2.i686.rpm
 pacemaker-libs-1.1.14-8.el6_8.2.x86_64.rpm
 pacemaker-libs-devel-1.1.14-8.el6_8.2.i686.rpm
 pacemaker-libs-devel-1.1.14-8.el6_8.2.x86_64.rpm
 pacemaker-remote-1.1.14-8.el6_8.2.x86_64.rpm
 i386
 pacemaker-1.1.14-8.el6_8.2.i686.rpm
 pacemaker-cli-1.1.14-8.el6_8.2.i686.rpm
 pacemaker-cluster-libs-1.1.14-8.el6_8.2.i686.rpm
 pacemaker-cts-1.1.14-8.el6_8.2.i686.rpm
 pacemaker-debuginfo-1.1.14-8.el6_8.2.i686.rpm
 pacemaker-doc-1.1.14-8.el6_8.2.i686.rpm
 pacemaker-libs-1.1.14-8.el6_8.2.i686.rpm
 pacemaker-libs-devel-1.1.14-8.el6_8.2.i686.rpm
 pacemaker-remote-1.1.14-8.el6_8.2.i686.rpm

- Scientific Linux Development Team