MGASA-2019-0394
- Source
- https://advisories.mageia.org/MGASA-2019-0394.html
- Import Source
- https://advisories.mageia.org/MGASA-2019-0394.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2019-0394
- Related
- Published
- 2019-12-19T13:44:26Z
- Modified
- 2019-12-19T13:23:52Z
- Summary
- Updated pacemaker packages fix security vulnerabilities
- Details
-
The updated packages fix security vulnerabilities:
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. (CVE-2019-3885)
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation. (CVE-2018-16877)
A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS. (CVE-2018-16878)
- References
-
- https://advisories.mageia.org/MGASA-2019-0394.html
- https://bugs.mageia.org/show_bug.cgi?id=24691
- https://www.openwall.com/lists/oss-security/2019/04/17/1
- https://www.openwall.com/lists/oss-security/2019/04/18/2
- http://lists.suse.com/pipermail/sle-security-updates/2019-April/005369.html
- https://access.redhat.com/errata/RHSA-2019:1278
- https://usn.ubuntu.com/3952-1/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:7 / pacemaker
Package
- Name
- pacemaker
- Purl
- pkg:rpm/mageia/pacemaker?distro=mageia-7