Sicherheit: Mehrere Probleme in pacemaker - Pro-Linux

Caution: This email originated from outside the organization. Do not click
 links or open attachments unless you have verified this email is legitimate.

   SUSE Security Update: Security update for pacemaker
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1047-1
Rating:             important
References:         #1117381 #1117934 #1128374 #1128772 #1131353
                    #1131356 #1131357
Cross-References:   CVE-2018-16877 CVE-2018-16878 CVE-2019-3885

Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise High Availability 12-SP4
______________________________________________________________________________

   An update that solves three vulnerabilities and has four
   fixes is now available.

Description:

   This update for pacemaker fixes the following issues:

   Security issues fixed:

   - CVE-2019-3885: Fixed an information disclosure in log output.
     (bsc#1131357)
   - CVE-2018-16877: Fixed a local privilege escalation through insufficient
     IPC client-server authentication. (bsc#1131356)
   - CVE-2018-16878: Fixed a denial of service through insufficient
     verification inflicted preference of uncontrolled processes.
     (bsc#1131353)

   Non-security issue fixed:

   - scheduler: Respect the order of constraints when relevant resources are
     being probed. (bsc#1117934, bsc#1128374)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
 methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1047=1

   - SUSE Linux Enterprise High Availability 12-SP4:

      zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1047=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le
 s390x x86_64):

      libpacemaker-devel-1.1.19+20181105.ccd6b5b10-3.10.1
      pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.10.1
      pacemaker-cts-debuginfo-1.1.19+20181105.ccd6b5b10-3.10.1
      pacemaker-debuginfo-1.1.19+20181105.ccd6b5b10-3.10.1
      pacemaker-debugsource-1.1.19+20181105.ccd6b5b10-3.10.1

   - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):

      libpacemaker3-1.1.19+20181105.ccd6b5b10-3.10.1
      libpacemaker3-debuginfo-1.1.19+20181105.ccd6b5b10-3.10.1
      pacemaker-1.1.19+20181105.ccd6b5b10-3.10.1
      pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.10.1
      pacemaker-cli-debuginfo-1.1.19+20181105.ccd6b5b10-3.10.1
      pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.10.1
      pacemaker-cts-debuginfo-1.1.19+20181105.ccd6b5b10-3.10.1
      pacemaker-debuginfo-1.1.19+20181105.ccd6b5b10-3.10.1
      pacemaker-debugsource-1.1.19+20181105.ccd6b5b10-3.10.1
      pacemaker-remote-1.1.19+20181105.ccd6b5b10-3.10.1
      pacemaker-remote-debuginfo-1.1.19+20181105.ccd6b5b10-3.10.1

References:

   https://www.suse.com/security/cve/CVE-2018-16877.html
   https://www.suse.com/security/cve/CVE-2018-16878.html
   https://www.suse.com/security/cve/CVE-2019-3885.html
   https://bugzilla.suse.com/1117381
   https://bugzilla.suse.com/1117934
   https://bugzilla.suse.com/1128374
   https://bugzilla.suse.com/1128772
   https://bugzilla.suse.com/1131353
   https://bugzilla.suse.com/1131356
   https://bugzilla.suse.com/1131357

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates