
SUSE: 2020:3054-1 Important: Pacemaker DoS Security Fix

October 27, 2020
SUSE Security Patch tackles pacemaker flaws, delivering crucial updates and enhancements aimed at improving overall resilience.
An update that solves one vulnerability, contains three features and has three fixes is now available.

Summary

This update for pacemaker fixes the following issues:

Update to 2.0.4:

- based: use crm_exit to free qb-logging
- cibsecret: don't use pssh -q option unless supported
- crm_error: use g_free for a proper match
- crm_mon: NULL output-pointer when buffer is freed
- crm_resource: avoid unnecessary issues with dynamic allocation
- crm_ticket: avoid unnecessary issues with dynamic allocation
- executor: restrict certain IPC requests to Pacemaker daemons (CVE-2020-25654, bsc#1177916)
- fencer: avoid infinite loop if device is removed during operation
- fencer: restrict certain IPC requests to privileged users (CVE-2020-25654, bsc#1177916)
- libcrmcommon: free basename after setting prgname
- libcrmcommon: return ENOMEM directly instead of errno
- libpe_status: Modify filtering of inactive resources.

References

#1167171 #1173668 #1175557 #1177916 ECO-1611 SLE-12239 SLE-12240

Cross-References: CVE-2020-25654

Affected Products:

SUSE Linux Enterprise High Availability 15-SP2

https://www.suse.com/security/cve/CVE-2020-25654.html

https://bugzilla.suse.com/1167171

https://bugzilla.suse.com/1173668

https://bugzilla.suse.com/1175557

https://bugzilla.suse.com/1177916

Severity
important

Announcement ID: SUSE-SU-2020:3054-1
Rating: important
