Fedora 30: pacemaker Security Update
Summary
Pacemaker is an advanced, scalable High-Availability cluster resource
manager.
It supports more than 16 node clusters with significant capabilities
for managing resources and dependencies.
It will run scripts at initialization, when machines go up or down,
when related resources fail and can be configured to periodically check
resource health.
Available rpmbuild rebuild options:
--with(out) : coverage doc hardening pre_release profiling
Security fix for CVE-2019-3885, CVE-2018-16877, CVE-2018-16878
[ 1 ] Bug #1652646 - CVE-2018-16877 pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc
https://bugzilla.redhat.com/show_bug.cgi?id=1652646
[ 2 ] Bug #1657962 - CVE-2018-16878 pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS
https://bugzilla.redhat.com/show_bug.cgi?id=1657962
[ 3 ] Bug #1694554 - CVE-2019-3885 pacemaker: Information disclosure through use-after-free
https://bugzilla.redhat.com/show_bug.cgi?id=1694554
su -c 'dnf upgrade --advisory FEDORA-2019-e4c8de3fb7' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
FEDORA-2019-e4c8de3fb7 2019-04-23 23:43:53.692511 Product : Fedora 30 Version : 2.0.1 Release : 2.fc30 URL : https://clusterlabs.org/ Summary : Scalable High-Availability cluster resource manager Description : Pacemaker is an advanced, scalable High-Availability cluster resource manager. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when related resources fail and can be configured to periodically check resource health. Available rpmbuild rebuild options: --with(out) : coverage doc hardening pre_release profiling Security fix for CVE-2019-3885, CVE-2018-16877, CVE-2018-16878 [ 1 ] Bug #1652646 - CVE-2018-16877 pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc https://bugzilla.redhat.com/show_bug.cgi?id=1652646 [ 2 ] Bug #1657962 - CVE-2018-16878 pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS https://bugzilla.redhat.com/show_bug.cgi?id=1657962 [ 3 ] Bug #1694554 - CVE-2019-3885 pacemaker: Information disclosure through use-after-free https://bugzilla.redhat.com/show_bug.cgi?id=1694554 su -c 'dnf upgrade --advisory FEDORA-2019-e4c8de3fb7' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Change Log
References