Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 616
Alerts This Week
Warning Icon 1 616

Ubuntu 19.04: USN-3952-1 Moderate: Pacemaker Local Attack Risk

ubuntu
Calendar Grey April 23, 2019
Dist Ubuntu Esm H88
Multiple Pacemaker problems addressed in Ubuntu releases 19.04, 18.10, 18.04 LTS, and 16.04 LTS with new package updates accessible.
Several security issues were fixed in Pacemaker.

Summary

Several security issues were fixed in Pacemaker.

Software Description:

- pacemaker: Cluster resource manager

Details:

Jan Pokorný discovered that Pacemaker incorrectly handled client-server

authentication. A local attacker could possibly use this issue to escalate

privileges. (CVE-2018-16877)

Jan Pokorný discovered that Pacemaker incorrectly handled certain

verifications. A local attacker could possibly use this issue to cause a

denial of service. (CVE-2018-16878)

Jan Pokorný discovered that Pacemaker incorrectly handled certain memory

operations. A local attacker could possibly use this issue to obtain

sensitive information in log outputs. This issue only applied to Ubuntu

18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-3885)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  pacemaker                       1.1.18-2ubuntu1.19.04.1

Ubuntu 18.10:
  pacemaker                       1.1.18-2ubuntu1.18.10.1

Ubuntu 18.04 LTS:
  pacemaker                       1.1.18-0ubuntu1.1

Ubuntu 16.04 LTS:
  pacemaker                       1.1.14-2ubuntu1.6

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3952-1

CVE-2018-16877, CVE-2018-16878, CVE-2019-3885

April 23, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.