Security update for pacemaker
This update for pacemaker fixes the following issues:
Security issues fixed:
- CVE-2019-3885: Fixed an information disclosure in log output. (bsc#1131357)
- CVE-2018-16877: Fixed a local privilege escalation through insufficient IPC client-server authentication. (bsc#1131356)
- CVE-2018-16878: Fixed a denial of service through insufficient verification inflicted preference of uncontrolled processes. (bsc#1131353)
Non-security issue fixed:
- crmd: delete resource from lrmd when appropriate to avoid timeouts with crmsh (bsc#1117381).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Yan Gao (yan_gao)
Fixed bugs
bnc#1131353
VUL-0: CVE-2018-16878: pacemaker: Insufficient verification inflicted preference of uncontrolled processes
bnc#1131356
VUL-0: CVE-2018-16877: pacemaker: Insufficient local IPC client-server authentication on the client's side
bnc#1117381
L3: stonith/ipmi monitor timeouts after update of crmsh
bnc#1131357
VUL-1: CVE-2019-3885: pacemaker: Information disclosure through use-after-free
