File _patchinfo of Package patchinfo.3535
<patchinfo incident="3535">
<issue id="987348" tracker="bnc">ping resource agent can fail silently</issue>
<issue id="1000743" tracker="bnc">Maintenance node gets fenced although it shuts down cleanly</issue>
<issue id="1007433" tracker="bnc">VUL-0: CVE-2016-7035: pacemaker: improper IPC guarding</issue>
<issue id="967388" tracker="bnc">DoS: valid authkey should be required for takeover of a Pacemaker remote</issue>
<issue id="1003565" tracker="bnc">Partner-L3: pacemaker_remoted fails to start</issue>
<issue id="1002767" tracker="bnc">VUL-0: CVE-2016-7797: pacemaker: PCS remote nodes vulnerable to hijacking, resulting in a DoS attack</issue>
<issue id="986644" tracker="bnc">Compute nodes rebooting every few days</issue>
<issue id="2016-7035" tracker="cve" />
<issue id="2016-7797" tracker="cve" />
<category>security</category>
<rating>important</rating>
<packager>yan_gao</packager>
<description>
This update for pacemaker fixes the following issues:

Security issues fixed:

- CVE-2016-7797: Notify other clients of a new connection only if the handshake has completed (bsc#967388, bsc#1002767).
- CVE-2016-7035: Fixed improper IPC guarding in pacemaker (bsc#1007433).

Bug fixes:

- bsc#1003565: crmd: Record pending operations in the CIB before they are performed
- bsc#1000743: pengine: Do not fence a maintenance node if it shuts down cleanly
- bsc#987348: ping: Avoid temporary files for fping check
- bsc#986644: libcrmcommon: report errors consistently when waiting for data on connection
- bsc#986644: remote: Correctly calculate the remaining timeouts when receiving messages
</description>
<summary>Security update for pacemaker</summary>
</patchinfo>