Sicherheit: Ausführen von Code mit höheren Privilegien in pacemaker
Aktuelle Meldungen Distributionen
Name: Ausführen von Code mit höheren Privilegien in pacemaker
ID: FEDORA-2015-e5e36bbb87
Distribution: Fedora
Plattformen: Fedora 21
Datum: Mo, 2. November 2015, 06:46
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1867
Applikationen: pacemaker


Name        : pacemaker
Product : Fedora 21
Version : 1.1.13
Release : 3.fc21
URL : http://www.clusterlabs.org
Summary : Scalable High-Availability cluster resource manager
Description :
Pacemaker is an advanced, scalable High-Availability cluster resource
manager for Corosync, CMAN and/or Linux-HA.

It supports more than 16 node clusters with significant capabilities
for managing resources and dependencies.

It will run scripts at initialization, when machines go up or down,
when related resources fail and can be configured to periodically check
resource health.

Available rpmbuild rebuild options:
--with(out) : doc coverage profiling pre_release upstart_job

Update Information:

Security fix for CVE-2015-1867: issue allegedly present in pacemaker-1.1.12,
fixed in pacemaker-1.1.13. * * * pacemaker-1.1.13-3.fc{21,22,23} - Update to
Pacemaker-1.1.13 post-release + patches (sync) - Add nagios-plugins-metadata
subpackage enabling support of selected Nagios plugins as resources recognized
by Pacemaker - Several specfile improvements: drop irrelevant stuff, rehash the
included/excluded files + dependencies, add check scriptlet, reflect current
packaging practice, do minor cleanups (mostly adopted from another spec)

[ 1 ] Bug #1211370 - CVE-2015-1867 pacemaker: acl read-only access allow role

This update can be installed with the "yum" update program. Use
su -c 'yum update pacemaker' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Pro-Linux @Facebook
Neue Nachrichten