Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Tue, 8 Nov 2016 21:20:09 -0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Connie Sieh Subject: Security ERRATA Important: pacemaker on SL6.x i386/x86_64 MIME-Version: 1.0 Message-ID: <20161108212009.17059.40046@slpackages.fnal.gov> Synopsis: Important: pacemaker security update Advisory ID: SLSA-2016:2675-1 Issue Date: 2016-11-08 CVE Numbers: CVE-2016-7035 -- Security Fix(es): * An authorization flaw was found in Pacemaker, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine. (CVE-2016-7035) This issue was discovered by Jan "poki" Pokorny (Red Hat) and Alain Moulle (ATOS/BULL). -- SL6 x86_64 pacemaker-1.1.14-8.el6_8.2.x86_64.rpm pacemaker-cli-1.1.14-8.el6_8.2.x86_64.rpm pacemaker-cluster-libs-1.1.14-8.el6_8.2.i686.rpm pacemaker-cluster-libs-1.1.14-8.el6_8.2.x86_64.rpm pacemaker-cts-1.1.14-8.el6_8.2.x86_64.rpm pacemaker-debuginfo-1.1.14-8.el6_8.2.i686.rpm pacemaker-debuginfo-1.1.14-8.el6_8.2.x86_64.rpm pacemaker-doc-1.1.14-8.el6_8.2.x86_64.rpm pacemaker-libs-1.1.14-8.el6_8.2.i686.rpm pacemaker-libs-1.1.14-8.el6_8.2.x86_64.rpm pacemaker-libs-devel-1.1.14-8.el6_8.2.i686.rpm pacemaker-libs-devel-1.1.14-8.el6_8.2.x86_64.rpm pacemaker-remote-1.1.14-8.el6_8.2.x86_64.rpm i386 pacemaker-1.1.14-8.el6_8.2.i686.rpm pacemaker-cli-1.1.14-8.el6_8.2.i686.rpm pacemaker-cluster-libs-1.1.14-8.el6_8.2.i686.rpm pacemaker-cts-1.1.14-8.el6_8.2.i686.rpm pacemaker-debuginfo-1.1.14-8.el6_8.2.i686.rpm pacemaker-doc-1.1.14-8.el6_8.2.i686.rpm pacemaker-libs-1.1.14-8.el6_8.2.i686.rpm pacemaker-libs-devel-1.1.14-8.el6_8.2.i686.rpm pacemaker-remote-1.1.14-8.el6_8.2.i686.rpm - Scientific Linux Development Team