OESA-2026-2938

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2938
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2938.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2938
Upstream
  • CVE-2026-10649
Published
2026-07-09T12:53:28Z
Modified
2026-07-14T08:15:09.771054368Z
Summary
pacemaker security update
Details

Pacemaker is an advanced, scalable High-Availability cluster resource manager.

Security Fix(es):

A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption, leading to a denial of service (DoS) in the CIB remote listener. This can result in the affected service crashing.(CVE-2026-10649)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:24.03-LTS-SP3 / pacemaker

Package

Name
pacemaker
Purl
pkg:rpm/openEuler/pacemaker&distro=openEuler-24.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.7-12.oe2403sp3

Ecosystem specific

{
    "x86_64": [
        "pacemaker-2.1.7-12.oe2403sp3.x86_64.rpm",
        "pacemaker-cli-2.1.7-12.oe2403sp3.x86_64.rpm",
        "pacemaker-cluster-libs-2.1.7-12.oe2403sp3.x86_64.rpm",
        "pacemaker-debuginfo-2.1.7-12.oe2403sp3.x86_64.rpm",
        "pacemaker-debugsource-2.1.7-12.oe2403sp3.x86_64.rpm",
        "pacemaker-libs-2.1.7-12.oe2403sp3.x86_64.rpm",
        "pacemaker-libs-devel-2.1.7-12.oe2403sp3.x86_64.rpm",
        "pacemaker-remote-2.1.7-12.oe2403sp3.x86_64.rpm"
    ],
    "src": [
        "pacemaker-2.1.7-12.oe2403sp3.src.rpm"
    ],
    "aarch64": [
        "pacemaker-2.1.7-12.oe2403sp3.aarch64.rpm",
        "pacemaker-cli-2.1.7-12.oe2403sp3.aarch64.rpm",
        "pacemaker-cluster-libs-2.1.7-12.oe2403sp3.aarch64.rpm",
        "pacemaker-debuginfo-2.1.7-12.oe2403sp3.aarch64.rpm",
        "pacemaker-debugsource-2.1.7-12.oe2403sp3.aarch64.rpm",
        "pacemaker-libs-2.1.7-12.oe2403sp3.aarch64.rpm",
        "pacemaker-libs-devel-2.1.7-12.oe2403sp3.aarch64.rpm",
        "pacemaker-remote-2.1.7-12.oe2403sp3.aarch64.rpm"
    ],
    "noarch": [
        "pacemaker-cts-2.1.7-12.oe2403sp3.noarch.rpm",
        "pacemaker-doc-2.1.7-12.oe2403sp3.noarch.rpm",
        "pacemaker-nagios-plugins-metadata-2.1.7-12.oe2403sp3.noarch.rpm",
        "pacemaker-schemas-2.1.7-12.oe2403sp3.noarch.rpm",
        "python3-pacemaker-2.1.7-12.oe2403sp3.noarch.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2938.json"