- Issued: 2016-11-08
- Updated: 2016-11-08
RHSA-2016:2675 - Security Advisory
Synopsis
Important: pacemaker security update
Type/Severity
Security Advisory: Important
Topic
An update for pacemaker is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The Pacemaker cluster resource manager is a collection of technologies working together to provide data integrity and the ability to maintain application availability in the event of a failure.
Security Fix(es):
- An authorization flaw was found in Pacemaker, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine. (CVE-2016-7035)
This issue was discovered by Jan "poki" Pokorny (Red Hat) and Alain Moulle (ATOS/BULL).
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Red Hat Enterprise Linux High Availability (for RHEL Server) 6 x86_64
- Red Hat Enterprise Linux High Availability (for RHEL Server) 6 i386
- Red Hat Enterprise Linux Resilient Storage (for RHEL Server) 6 x86_64
- Red Hat Enterprise Linux Resilient Storage (for RHEL Server) 6 i386
Fixes
- BZ - 1369732 - CVE-2016-7035 pacemaker: Privilege escalation due to improper guarding of IPC communication
CVEs
References
Red Hat Enterprise Linux High Availability (for RHEL Server) 6
| SRPM | |
|---|---|
| pacemaker-1.1.14-8.el6_8.2.src.rpm | SHA-256: 2ab690470e7139dabd5010ab07e3de896660fae422696b2b8f0e73a3266bd0db |
| x86_64 | |
| pacemaker-1.1.14-8.el6_8.2.x86_64.rpm | SHA-256: 6460df9605c4ed9010073779fb6a668483f5d6fd8f5a10cdc691fd0ac7737f37 |
| pacemaker-cli-1.1.14-8.el6_8.2.x86_64.rpm | SHA-256: 6a4b3ecd8e31c04af0bf7dc03cc26b49ed7c62bc55a7d4818c534d16f7e7d71d |
| pacemaker-cluster-libs-1.1.14-8.el6_8.2.i686.rpm | SHA-256: 8a74b0486ae93de4d099df45ebc8ceb67b433ec2b1555a932db0610e5dd1d208 |
| pacemaker-cluster-libs-1.1.14-8.el6_8.2.x86_64.rpm | SHA-256: 0413de2b375c2501522ddca9234946506498e0164e23827704aa1f1f59a9489d |
| pacemaker-cts-1.1.14-8.el6_8.2.x86_64.rpm | SHA-256: 6838c5206497cc425b00b87fa09178520cc9b4b674653cd1ad7d07df103771ee |
| pacemaker-debuginfo-1.1.14-8.el6_8.2.i686.rpm | SHA-256: f6ad635342fbe4f40073b2e78d69f20215705b00f600dbc7288f4b8b71489a5b |
| pacemaker-debuginfo-1.1.14-8.el6_8.2.x86_64.rpm | SHA-256: ab6132e53f4b6179f3e7a12453b3275e3ff8632f49e8d3a1e043811df2be8f0e |
| pacemaker-doc-1.1.14-8.el6_8.2.x86_64.rpm | SHA-256: 0c4a3f35477bc11dc81b0aae9f94859d2c52d71547cfa299ee9b8ef3a827fe9f |
| pacemaker-libs-1.1.14-8.el6_8.2.i686.rpm | SHA-256: dfd5df3a2e67673dbdc06fc498232c9ba6aff7bb8c24485cda31c080a5752e7d |
| pacemaker-libs-1.1.14-8.el6_8.2.x86_64.rpm | SHA-256: f13b81d8bbdd32e19915382a4c1abe9d4e5f4ce5eff3cee0f503093da5a3ff60 |
| pacemaker-libs-devel-1.1.14-8.el6_8.2.i686.rpm | SHA-256: 4fb90d864450eaf17f03c2fd4d9e4ccf440ad4fc36e34f3cc6c62975fee00c0e |
| pacemaker-libs-devel-1.1.14-8.el6_8.2.x86_64.rpm | SHA-256: b04955663f5c3a280e34d657d865738b9d302260ab4a3281ab926cfad48d3602 |
| pacemaker-remote-1.1.14-8.el6_8.2.x86_64.rpm | SHA-256: 6d557186d454a0257ef76769749add09ff05b8e384d6f7f7a1e73f2920f1dbd0 |
| i386 | |
| pacemaker-1.1.14-8.el6_8.2.i686.rpm | SHA-256: 3a34947faefbe76dcf7d3ca7dcc42a4f9da550c3e6a4ed3149a46e9bb589fbf1 |
| pacemaker-cli-1.1.14-8.el6_8.2.i686.rpm | SHA-256: 70822d663e8a8793364929f812b651793aa54fe7803860bc3281f4f352e85e52 |
| pacemaker-cluster-libs-1.1.14-8.el6_8.2.i686.rpm | SHA-256: 8a74b0486ae93de4d099df45ebc8ceb67b433ec2b1555a932db0610e5dd1d208 |
| pacemaker-cts-1.1.14-8.el6_8.2.i686.rpm | SHA-256: 41aa3796fcf5b62420488c160f88f15ef879bfee6ae40a3f04f0b8a3c9e996c0 |
| pacemaker-debuginfo-1.1.14-8.el6_8.2.i686.rpm | SHA-256: f6ad635342fbe4f40073b2e78d69f20215705b00f600dbc7288f4b8b71489a5b |
| pacemaker-doc-1.1.14-8.el6_8.2.i686.rpm | SHA-256: 88c8e9433a6f69ad758be362c7d7a713a4c7fe9aeb84e971f95b3665a3855cb6 |
| pacemaker-libs-1.1.14-8.el6_8.2.i686.rpm | SHA-256: dfd5df3a2e67673dbdc06fc498232c9ba6aff7bb8c24485cda31c080a5752e7d |
| pacemaker-libs-devel-1.1.14-8.el6_8.2.i686.rpm | SHA-256: 4fb90d864450eaf17f03c2fd4d9e4ccf440ad4fc36e34f3cc6c62975fee00c0e |
| pacemaker-remote-1.1.14-8.el6_8.2.i686.rpm | SHA-256: 6007dc4c81caa3ab222e2c62369d595e49b49fcff2350b63bf939367841a1c59 |
Red Hat Enterprise Linux Resilient Storage (for RHEL Server) 6
| SRPM | |
|---|---|
| pacemaker-1.1.14-8.el6_8.2.src.rpm | SHA-256: 2ab690470e7139dabd5010ab07e3de896660fae422696b2b8f0e73a3266bd0db |
| x86_64 | |
| pacemaker-1.1.14-8.el6_8.2.x86_64.rpm | SHA-256: 6460df9605c4ed9010073779fb6a668483f5d6fd8f5a10cdc691fd0ac7737f37 |
| pacemaker-cli-1.1.14-8.el6_8.2.x86_64.rpm | SHA-256: 6a4b3ecd8e31c04af0bf7dc03cc26b49ed7c62bc55a7d4818c534d16f7e7d71d |
| pacemaker-cluster-libs-1.1.14-8.el6_8.2.i686.rpm | SHA-256: 8a74b0486ae93de4d099df45ebc8ceb67b433ec2b1555a932db0610e5dd1d208 |
| pacemaker-cluster-libs-1.1.14-8.el6_8.2.x86_64.rpm | SHA-256: 0413de2b375c2501522ddca9234946506498e0164e23827704aa1f1f59a9489d |
| pacemaker-cts-1.1.14-8.el6_8.2.x86_64.rpm | SHA-256: 6838c5206497cc425b00b87fa09178520cc9b4b674653cd1ad7d07df103771ee |
| pacemaker-debuginfo-1.1.14-8.el6_8.2.i686.rpm | SHA-256: f6ad635342fbe4f40073b2e78d69f20215705b00f600dbc7288f4b8b71489a5b |
| pacemaker-debuginfo-1.1.14-8.el6_8.2.x86_64.rpm | SHA-256: ab6132e53f4b6179f3e7a12453b3275e3ff8632f49e8d3a1e043811df2be8f0e |
| pacemaker-doc-1.1.14-8.el6_8.2.x86_64.rpm | SHA-256: 0c4a3f35477bc11dc81b0aae9f94859d2c52d71547cfa299ee9b8ef3a827fe9f |
| pacemaker-libs-1.1.14-8.el6_8.2.i686.rpm | SHA-256: dfd5df3a2e67673dbdc06fc498232c9ba6aff7bb8c24485cda31c080a5752e7d |
| pacemaker-libs-1.1.14-8.el6_8.2.x86_64.rpm | SHA-256: f13b81d8bbdd32e19915382a4c1abe9d4e5f4ce5eff3cee0f503093da5a3ff60 |
| pacemaker-libs-devel-1.1.14-8.el6_8.2.i686.rpm | SHA-256: 4fb90d864450eaf17f03c2fd4d9e4ccf440ad4fc36e34f3cc6c62975fee00c0e |
| pacemaker-libs-devel-1.1.14-8.el6_8.2.x86_64.rpm | SHA-256: b04955663f5c3a280e34d657d865738b9d302260ab4a3281ab926cfad48d3602 |
| pacemaker-remote-1.1.14-8.el6_8.2.x86_64.rpm | SHA-256: 6d557186d454a0257ef76769749add09ff05b8e384d6f7f7a1e73f2920f1dbd0 |
| i386 | |
| pacemaker-1.1.14-8.el6_8.2.i686.rpm | SHA-256: 3a34947faefbe76dcf7d3ca7dcc42a4f9da550c3e6a4ed3149a46e9bb589fbf1 |
| pacemaker-cli-1.1.14-8.el6_8.2.i686.rpm | SHA-256: 70822d663e8a8793364929f812b651793aa54fe7803860bc3281f4f352e85e52 |
| pacemaker-cluster-libs-1.1.14-8.el6_8.2.i686.rpm | SHA-256: 8a74b0486ae93de4d099df45ebc8ceb67b433ec2b1555a932db0610e5dd1d208 |
| pacemaker-cts-1.1.14-8.el6_8.2.i686.rpm | SHA-256: 41aa3796fcf5b62420488c160f88f15ef879bfee6ae40a3f04f0b8a3c9e996c0 |
| pacemaker-debuginfo-1.1.14-8.el6_8.2.i686.rpm | SHA-256: f6ad635342fbe4f40073b2e78d69f20215705b00f600dbc7288f4b8b71489a5b |
| pacemaker-doc-1.1.14-8.el6_8.2.i686.rpm | SHA-256: 88c8e9433a6f69ad758be362c7d7a713a4c7fe9aeb84e971f95b3665a3855cb6 |
| pacemaker-libs-1.1.14-8.el6_8.2.i686.rpm | SHA-256: dfd5df3a2e67673dbdc06fc498232c9ba6aff7bb8c24485cda31c080a5752e7d |
| pacemaker-libs-devel-1.1.14-8.el6_8.2.i686.rpm | SHA-256: 4fb90d864450eaf17f03c2fd4d9e4ccf440ad4fc36e34f3cc6c62975fee00c0e |
| pacemaker-remote-1.1.14-8.el6_8.2.i686.rpm | SHA-256: 6007dc4c81caa3ab222e2c62369d595e49b49fcff2350b63bf939367841a1c59 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
