libpacemaker-devel-1.1.15+git20161104.b6f251a-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10507-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libpacemaker-devel-1.1.15+git20161104.b6f251a-1.1 on GA media These are all security issues fixed in the libpacemaker-devel-1.1.15+git20161104.b6f251a-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10507 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2010-2496/ SUSE CVE CVE-2010-2496 page https://www.suse.com/security/cve/CVE-2015-1867/ SUSE CVE CVE-2015-1867 page https://www.suse.com/security/cve/CVE-2016-7035/ SUSE CVE CVE-2016-7035 page https://www.suse.com/security/cve/CVE-2016-7797/ SUSE CVE CVE-2016-7797 page openSUSE Tumbleweed libpacemaker-devel-1.1.15+git20161104.b6f251a-1.1 libpacemaker3-1.1.15+git20161104.b6f251a-1.1 pacemaker-1.1.15+git20161104.b6f251a-1.1 pacemaker-cli-1.1.15+git20161104.b6f251a-1.1 pacemaker-cts-1.1.15+git20161104.b6f251a-1.1 pacemaker-remote-1.1.15+git20161104.b6f251a-1.1 libpacemaker-devel-1.1.15+git20161104.b6f251a-1.1 as a component of openSUSE Tumbleweed libpacemaker3-1.1.15+git20161104.b6f251a-1.1 as a component of openSUSE Tumbleweed pacemaker-1.1.15+git20161104.b6f251a-1.1 as a component of openSUSE Tumbleweed pacemaker-cli-1.1.15+git20161104.b6f251a-1.1 as a component of openSUSE Tumbleweed pacemaker-cts-1.1.15+git20161104.b6f251a-1.1 as a component of openSUSE Tumbleweed pacemaker-remote-1.1.15+git20161104.b6f251a-1.1 as a component of openSUSE Tumbleweed stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer. CVE-2010-2496 openSUSE Tumbleweed:libpacemaker-devel-1.1.15+git20161104.b6f251a-1.1 openSUSE Tumbleweed:libpacemaker3-1.1.15+git20161104.b6f251a-1.1 openSUSE Tumbleweed:pacemaker-1.1.15+git20161104.b6f251a-1.1 openSUSE Tumbleweed:pacemaker-cli-1.1.15+git20161104.b6f251a-1.1 openSUSE Tumbleweed:pacemaker-cts-1.1.15+git20161104.b6f251a-1.1 openSUSE Tumbleweed:pacemaker-remote-1.1.15+git20161104.b6f251a-1.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2496.html CVE-2010-2496 https://bugzilla.suse.com/620781 SUSE Bug 620781 Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command. CVE-2015-1867 openSUSE Tumbleweed:libpacemaker-devel-1.1.15+git20161104.b6f251a-1.1 openSUSE Tumbleweed:libpacemaker3-1.1.15+git20161104.b6f251a-1.1 openSUSE Tumbleweed:pacemaker-1.1.15+git20161104.b6f251a-1.1 openSUSE Tumbleweed:pacemaker-cli-1.1.15+git20161104.b6f251a-1.1 openSUSE Tumbleweed:pacemaker-cts-1.1.15+git20161104.b6f251a-1.1 openSUSE Tumbleweed:pacemaker-remote-1.1.15+git20161104.b6f251a-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1867.html CVE-2015-1867 https://bugzilla.suse.com/927828 SUSE Bug 927828 An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine. CVE-2016-7035 openSUSE Tumbleweed:libpacemaker-devel-1.1.15+git20161104.b6f251a-1.1 openSUSE Tumbleweed:libpacemaker3-1.1.15+git20161104.b6f251a-1.1 openSUSE Tumbleweed:pacemaker-1.1.15+git20161104.b6f251a-1.1 openSUSE Tumbleweed:pacemaker-cli-1.1.15+git20161104.b6f251a-1.1 openSUSE Tumbleweed:pacemaker-cts-1.1.15+git20161104.b6f251a-1.1 openSUSE Tumbleweed:pacemaker-remote-1.1.15+git20161104.b6f251a-1.1 moderate 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7035.html CVE-2016-7035 https://bugzilla.suse.com/1007433 SUSE Bug 1007433 Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. CVE-2016-7797 openSUSE Tumbleweed:libpacemaker-devel-1.1.15+git20161104.b6f251a-1.1 openSUSE Tumbleweed:libpacemaker3-1.1.15+git20161104.b6f251a-1.1 openSUSE Tumbleweed:pacemaker-1.1.15+git20161104.b6f251a-1.1 openSUSE Tumbleweed:pacemaker-cli-1.1.15+git20161104.b6f251a-1.1 openSUSE Tumbleweed:pacemaker-cts-1.1.15+git20161104.b6f251a-1.1 openSUSE Tumbleweed:pacemaker-remote-1.1.15+git20161104.b6f251a-1.1 moderate 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7797.html CVE-2016-7797 https://bugzilla.suse.com/1002767 SUSE Bug 1002767