GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sun Oct 08, 2017 8:26 pm Post subject: [ GLSA 201710-08 ] Pacemaker |
|
|
Gentoo Linux Security Advisory
Title: Pacemaker: Multiple vulnerabilities (GLSA 201710-08)
Severity: normal
Exploitable: local, remote
Date: 2017-10-08
Bug(s): #546550, #599194
ID: 201710-08
Synopsis
Multiple vulnerabilities have been found in Pacemaker, the worst of
which could result in the execution of arbitrary code.
Background
Pacemaker is an Open Source, High Availability resource manager suitable
for both small and large clusters.
Affected Packages
Package: sys-cluster/pacemaker
Vulnerable: < 1.1.16
Unaffected: >= 1.1.16
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Pacemaker. Please
review the referenced CVE identifiers for details.
Impact
A remote attacker could execute arbitrary code or a local attacker could
escalate privileges.
Workaround
There is no known workaround at this time.
Resolution
All Pacemaker users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=sys-cluster/pacemaker-1.1.16 "
|
References
CVE-2015-1867
CVE-2016-7035
|
|