UbuntuUpdates.org

Package "pacemaker"

Name: pacemaker

Description: cluster resource manager

Latest version: 1.1.18-0ubuntu1.3
Release: bionic (18.04)
Level: updates
Repository: main
Homepage: http://www.clusterlabs.org/

Other versions of "pacemaker" in Bionic

Repository  Area      Version
base        main      1.1.18-0ubuntu1
base        universe  1.1.18-0ubuntu1
security    main      1.1.18-0ubuntu1.3
security    universe  1.1.18-0ubuntu1.3
updates     universe  1.1.18-0ubuntu1.3

Changelog

Version: 1.1.18-0ubuntu1.3 2020-11-09 15:07:11 UTC

  pacemaker (1.1.18-0ubuntu1.3) bionic-security; urgency=medium

  * SECURITY UPDATE: ACL restrictions bypass
    - debian/patches/CVE-2020-25654-*.patch: restrict IPC connections.
    - CVE-2020-25654

 -- Marc Deslauriers <email address hidden> Thu, 29 Oct 2020 08:55:05 -0400

CVE-2020-25654 ACL restrictions bypass

Version: 1.1.18-0ubuntu1.2 2020-04-21 10:06:20 UTC

  pacemaker (1.1.18-0ubuntu1.2) bionic; urgency=medium

  * Pacemaker fixes to allow fence-agents to work correctly (LP: #1866119)
    - d/p/lp1866119-Fix-crmd-avoid-double-free.patch: fix double free
      causing intermittent errors
    - d/p/lp1866119-Fix-attrd-ensure-node-name-is-broadcast.patch: fix
      hang on shutdown issue.
    - d/p/lp1866119-Refactor-pengine-functionize.patch: small needed delta
      to allow the unfence fix.
    - d/p/lp1866119-Fix-pengine-unfence-before-probing.patch: allows
      fence-agents to start correctly (LP #1865523)

 -- Rafael David Tinoco <email address hidden> Fri, 06 Mar 2020 02:28:20 +0000

1866119 [bionic] fence_scsi not working properly with Pacemaker 1.1.18-2ubuntu1.1
1865523 [bionic] fence_scsi not working properly with Pacemaker 1.1.18-2ubuntu1.1

Version: 1.1.18-0ubuntu1.1 2019-04-23 14:06:32 UTC

  pacemaker (1.1.18-0ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS and local privilege escalation in client-server
    authentication
    - debian/patches/CVE-2018-1687x-1.patch: make crm_pid_active more
      precise as to when detections fail in include/crm_internal.h,
      lib/common/utils.c.
    - debian/patches/CVE-2018-1687x-2.patch: add new helpers to allow IPC
      client side to authenticate the server in configure.ac,
      include/crm/common/Makefile.am, include/crm/common/ipc.h,
      include/crm/common/ipc_internal.h, lib/common/ipc.c.
    - debian/patches/CVE-2018-1687x-3.patch: pacemakerd to trust
      pre-existing processes via new checks instead in mcp/pacemaker.c.
    - debian/patches/CVE-2018-1687x-4.patch: other daemons to authenticate
      IPC servers of fellow processes in lib/cluster/corosync.c,
      lib/cluster/cpg.c, lib/common/ipc.c, mcp/corosync.c.
    - debian/patches/CVE-2018-1687x-5.patch: CPG users to be careful about
      now-more-probable rival processes in attrd/main.c, cib/main.c,
      crmd/main.c, fencing/main.c, lib/cluster/cpg.c.
    - debian/patches/CVE-2018-1687x-6.patch: fix possible NULL pointer
      dereference in crmd/control.c.
    - debian/libcrmcommon3.symbols: added new symbols.
    - CVE-2018-16877
    - CVE-2018-16878
  * SECURITY UPDATE: information disclosure via use-after-free
    - debian/patches/CVE-2019-3885.patch: fix alert handling in
      lib/services/services.c, lib/services/services_linux.c.
    - CVE-2019-3885

 -- Marc Deslauriers <email address hidden> Thu, 18 Apr 2019 07:56:54 -0400

CVE-2018-1687 RESERVED
CVE-2018-16877 A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could us
CVE-2018-16878 A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead
CVE-2019-3885 A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via t


