SUSE: 2019:1047-1 Important: Pacemaker Info Disclosure and DoS
suse
April 26, 2019
An update that solves three vulnerabilities and has four fixes is now available
Summary
This update for pacemaker fixes the following issues: Security issues fixed: - CVE-2019-3885: Fixed an information disclosure in log output. (bsc#1131357) - CVE-2018-16877: Fixed a local privilege escalation through insufficient IPC client-server authentication. (bsc#1131356) - CVE-2018-16878: Fixed a denial of service through insufficient verification inflicted preference of uncontrolled processes. (bsc#1131353) Non-security issue fixed: - scheduler: Respect the order of constraints when relevant resources are being probed. (bsc#1117934, bsc#1128374) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
References
#1117381 #1117934 #1128374 #1128772 #1131353
#1131356 #1131357
Cross- CVE-2018-16877 CVE-2018-16878 CVE-2019-3885
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP4
SUSE Linux Enterprise High Availability 12-SP4
https://www.suse.com/security/cve/CVE-2018-16877.html
https://www.suse.com/security/cve/CVE-2018-16878.html
https://www.suse.com/security/cve/CVE-2019-3885.html
https://bugzilla.suse.com/1117381
https://bugzilla.suse.com/1117934
https://bugzilla.suse.com/1128374
https://bugzilla.suse.com/1128772
https://bugzilla.suse.com/1131353
https://bugzilla.suse.com/1131356
https://bugzilla.suse.com/1131357
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2019:1047-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!