File _patchinfo of Package patchinfo.11072

<patchinfo incident="11072">
  <issue tracker="bnc" id="1131353">VUL-0: CVE-2018-16878: pacemaker: Insufficient verification inflicted preference of uncontrolled processes</issue>
  <issue tracker="bnc" id="1131356">VUL-0: CVE-2018-16877: pacemaker:  Insufficient local IPC client-server authentication on the client's side</issue>
  <issue tracker="bnc" id="1117381">L3: stonith/ipmi monitor timeouts after update of crmsh</issue>
  <issue tracker="bnc" id="1131357">VUL-1: CVE-2019-3885: pacemaker: Information disclosure through use-after-free</issue>
  <issue tracker="cve" id="2019-3885"/>
  <issue tracker="cve" id="2018-16877"/>
  <issue tracker="cve" id="2018-16878"/>
  <packager>yan_gao</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for pacemaker</summary>
  <description>This update for pacemaker fixes the following issues:

Security issues fixed:

- CVE-2019-3885: Fixed an information disclosure in log output. (bsc#1131357)
- CVE-2018-16877: Fixed a local privilege escalation through insufficient IPC client-server authentication. (bsc#1131356)
- CVE-2018-16878: Fixed a denial of service through insufficient verification inflicted preference of uncontrolled processes. (bsc#1131353)

Non-security issue fixed:

- crmd: delete resource from lrmd when appropriate to avoid timeouts with crmsh (bsc#1117381).
</description>
</patchinfo>