
Scientific Linux 7: SLSA-2016:2614-1 Critical: Pacemaker Security Issue

Important: pacemaker security and bug fix update
Date: Wed, 14 Dec 2016 17:42:03 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Scott Reid 
Subject: Security ERRATA Important: pacemaker on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20161214174203.15411.53025@slpackages.fnal.gov>

Synopsis: Important: pacemaker security and bug fix update
Advisory ID: SLSA-2016:2614-1
Issue Date: 2016-11-03
CVE Numbers: CVE-2016-7035
--

Security Fix(es):

* An authorization flaw was found in Pacemaker, where it did not properly
guard its IPC interface. An attacker with an unprivileged account on a
Pacemaker node could use this flaw to, for example, force the Local
Resource Manager daemon to execute a script as root and thereby gain root
access on the machine. (CVE-2016-7035)

Bug Fix(es):

* The version of Pacemaker in Scientific Linux 7.3 incorporated an
increase in the version number of the remote node protocol. Consequently,
cluster nodes running Pacemaker in Scientific Linux 7.3 and remote nodes
running earlier versions of Scientific Linux were not able to communicate
with each other unless special precautions were taken. This update
preserves the rolling upgrade capability.
--

SL7
 x86_64
 pacemaker-1.1.15-11.el7_3.2.x86_64.rpm
 pacemaker-cli-1.1.15-11.el7_3.2.x86_64.rpm
 pacemaker-cluster-libs-1.1.15-11.el7_3.2.i686.rpm
 pacemaker-cluster-libs-1.1.15-11.el7_3.2.x86_64.rpm
 pacemaker-cts-1.1.15-11.el7_3.2.x86_64.rpm
 pacemaker-debuginfo-1.1.15-11.el7_3.2.i686.rpm
 pacemaker-debuginfo-1.1.15-11.el7_3.2.x86_64.rpm
 pacemaker-doc-1.1.15-11.el7_3.2.x86_64.rpm
 pacemaker-libs-1.1.15-11.el7_3.2.i686.rpm
 pacemaker-libs-1.1.15-11.el7_3.2.x86_64.rpm
 pacemaker-libs-devel-1.1.15-11.el7_3.2.i686.rpm
 pacemaker-libs-devel-1.1.15-11.el7_3.2.x86_64.rpm
 pacemaker-nagios-plugins-metadata-1.1.15-11.el7_3.2.x86_64.rpm
 pacemaker-remote-1.1.15-11.el7_3.2.x86_64.rpm

- Scientific Linux Development Team
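
A check an administrator could run against the package list above, as an added example that is not part of the advisory or of Scientific Linux tooling: it flags installed pacemaker packages older than the fixed 1.1.15-11.el7_3.2 build, using a simplified reimplementation of rpm's version ordering. The function names, the sample input and the choice to ignore epochs and the `^` operator are assumptions of this example.

```python
import re

# Fixed (version, release) taken from the advisory's package list.
FIXED = ("1.1.15", "11.el7_3.2")

# Split a version string into digit runs, letter runs and '~'; separators are dropped.
_segments = re.compile(r"[0-9]+|[A-Za-z]+|~").findall

def rpmvercmp(a, b):
    """Return -1, 0 or 1 using rpm-style segment comparison (simplified: no '^')."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":              # a tilde sorts before anything else
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() != y.isdigit():        # numeric segment beats alphabetic
            return 1 if x.isdigit() else -1
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    if len(sa) == len(sb):
        return 0
    # The longer string is newer unless its first extra segment is a tilde.
    extra = (sa[len(sb):] or sb[len(sa):])[0]
    return 1 if (len(sa) > len(sb)) == (extra != "~") else -1

def unpatched(rpm_lines):
    """Return (name, 'version-release') for pacemaker packages older than FIXED."""
    out = []
    for line in rpm_lines:
        name, _, vr = line.strip().partition(" ")
        if not name.startswith("pacemaker") or "-" not in vr:
            continue
        version, _, release = vr.rpartition("-")
        # Assumption: no epoch is set, so only version and release are compared.
        if (rpmvercmp(version, FIXED[0]) or rpmvercmp(release, FIXED[1])) < 0:
            out.append((name, vr))
    return out

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'pacemaker*'
SAMPLE = """\
pacemaker 1.1.15-11.el7
pacemaker-libs 1.1.15-11.el7_3.2
pacemaker-cli 1.1.13-10.el7_2.4
pacemaker-remote 1.1.15-11.el7_3.4
""".splitlines()

if __name__ == "__main__":
    for name, vr in unpatched(SAMPLE):
        print(f"{name} {vr} is older than {'-'.join(FIXED)}")
```

On a real node, feed the function the output of the `rpm -qa` query shown in the comment instead of `SAMPLE`.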
