SUSE-SU-2020:3094-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2020/suse-su-20203094-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:3094-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2020:3094-1

Related

CVE-2020-25654

Published

2020-10-29T15:44:12Z

Modified

2020-10-29T15:44:12Z

Summary

Security update for pacemaker

Details

This update for pacemaker fixes the following issues:

attrd: handle shutdown more cleanly (bsc#1173668)
executor: restrict certain IPC requests to Pacemaker daemons (CVE-2020-25654, bsc#1177916)
extra: quote shell variables in agent code where appropriate (bsc#1175557)
fencer: restrict certain IPC requests to privileged users (CVE-2020-25654, bsc#1177916)
Fixes for %_libexecdir changing to /usr/libexec
pacemakerd: ignore shutdown requests from unprivileged users (CVE-2020-25654, bsc#1177916)
resources: use ocfistrue in SysInfo
rpm: use the user/group ID 90 for haclient/hacluster to be consistent with cluster-glue (bsc#1167171)

References

Affected packages

SUSE:Linux Enterprise High Availability Extension 12 SP3 / pacemaker

Package

Name: pacemaker
Purl: pkg:rpm/suse/pacemaker&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.16-6.23.1

Ecosystem specific

{
    "binaries": [
        {
            "pacemaker-cli": "1.1.16-6.23.1",
            "libpacemaker3": "1.1.16-6.23.1",
            "pacemaker-cts": "1.1.16-6.23.1",
            "pacemaker": "1.1.16-6.23.1",
            "pacemaker-remote": "1.1.16-6.23.1"
        }
    ]
}