SciLinux 7: SLSA-2016:2578-2 Moderate: Pacemaker DoS Issue

Date: Wed, 14 Dec 2016 18:14:45 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Scott Reid 
Subject: Security ERRATA Moderate: pacemaker on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20161214181445.15405.85586@slpackages.fnal.gov>

Synopsis: Moderate: pacemaker security, bug fix, and enhancement update
Advisory ID: SLSA-2016:2578-2
Issue Date: 2016-11-03
CVE Numbers: CVE-2016-7797
--

The following packages have been upgraded to a newer upstream version:
pacemaker (1.1.15).

Security Fix(es):

* It was found that the connection between a pacemaker cluster and a
pacemaker_remote node could be shut down using a new unauthenticated
connection. A remote attacker could use this flaw to cause a denial of
service. (CVE-2016-7797)

Additional Changes:
--

SL7
 x86_64
 pacemaker-1.1.15-11.el7.x86_64.rpm
 pacemaker-cli-1.1.15-11.el7.x86_64.rpm
 pacemaker-cluster-libs-1.1.15-11.el7.i686.rpm
 pacemaker-cluster-libs-1.1.15-11.el7.x86_64.rpm
 pacemaker-cts-1.1.15-11.el7.x86_64.rpm
 pacemaker-debuginfo-1.1.15-11.el7.i686.rpm
 pacemaker-debuginfo-1.1.15-11.el7.x86_64.rpm
 pacemaker-doc-1.1.15-11.el7.x86_64.rpm
 pacemaker-libs-1.1.15-11.el7.i686.rpm
 pacemaker-libs-1.1.15-11.el7.x86_64.rpm
 pacemaker-libs-devel-1.1.15-11.el7.i686.rpm
 pacemaker-libs-devel-1.1.15-11.el7.x86_64.rpm
 pacemaker-nagios-plugins-metadata-1.1.15-11.el7.x86_64.rpm
 pacemaker-remote-1.1.15-11.el7.x86_64.rpm

- Scientific Linux Development Team