pacemaker-1.1.19-8.el7.5
エラータID: AXSA:2019-3935:04
リリース日:
2019/07/22 Monday - 07:10
題名:
pacemaker-1.1.19-8.el7.5
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Low
Description:
以下項目について対処しました。
[Security Fix]
- pacemakerには、クライアントとサーバー間の認証に、ローカルの攻撃者が他の
IPC の欠点と組み合わせて、ローカルの権限昇格が可能な脆弱性があります。
(CVE-2018-16877)
- pacemakerには、検証が不十分なため、制御されていないプロセスを
選択することにより、DoS攻撃に繋がる脆弱性があります。
(CVE-2018-16878)
- pacemakerには、システムログを通じて機密情報の流出に繋がる
use-after-free の脆弱性があります。(CVE-2019-3885)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2018-16877
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
CVE-2018-16878
A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS
A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS
CVE-2019-3885
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.
追加情報:
N/A
ダウンロード:
SRPMS
- pacemaker-1.1.19-8.el7.5.src.rpm
MD5: 429e8dedd63b46d8d7652ac48f5311b4
SHA-256: b332fba077c691256da8b858261153f4b2cf89ff88f91215cabbf6fa667172bd
Size: 5.83 MB
Asianux Server 7 for x86_64
- pacemaker-1.1.19-8.el7.5.x86_64.rpm
MD5: ca0575016ebba9ebc854f5ed3f3ab9ce
SHA-256: b6f6536a4065b8587b580bc884af709439fca9dfd3f649f68a370192616d88cf
Size: 463.02 kB - pacemaker-cli-1.1.19-8.el7.5.x86_64.rpm
MD5: 9855393c15f69b9f6e717d8d8f3e14cc
SHA-256: 2e4b1574278113e98df4dfc80f381c0806c9a3033ee1ccd38ce769a3c6348f9c
Size: 350.50 kB - pacemaker-cluster-libs-1.1.19-8.el7.5.x86_64.rpm
MD5: 88513bbd24f0d8c9dacc2d04431a8fbc
SHA-256: 7935569553242c955701de0653fcfd320a5efe64d8d669d5c5f853bb38113b56
Size: 155.97 kB - pacemaker-cts-1.1.19-8.el7.5.x86_64.rpm
MD5: cadda1f6be63b628405725bc0ae5a916
SHA-256: 1b5bdc2823a6cd9a406e07e80d552260da01abd3208b0d10122d9df9fc92ddd9
Size: 288.68 kB - pacemaker-doc-1.1.19-8.el7.5.x86_64.rpm
MD5: 3aeaeffd959022d5023d910f524d7a9a
SHA-256: aef83b15cb244c098861535be8def246c4d2ebcc1fcb751d015ad1085c4624d7
Size: 87.45 kB - pacemaker-libs-1.1.19-8.el7.5.x86_64.rpm
MD5: b06a995780cf82a9e4546f27e4d7297e
SHA-256: 5364e6ea8c1f8245d67f145232539cf8dc5a808d8d4ee1accc43eb6d1bc3bbcd
Size: 625.68 kB - pacemaker-libs-devel-1.1.19-8.el7.5.x86_64.rpm
MD5: b26148ed593ebab9b823637b596142cc
SHA-256: 0f54105eb4c996b63f75277f5d8d289b85a17f23939828beed3e5559c220bd55
Size: 1.82 MB - pacemaker-nagios-plugins-metadata-1.1.19-8.el7.5.x86_64.rpm
MD5: 0d6dfcefb8087c0699266a90e5254c45
SHA-256: 919c2d224f8ab25a0056b8cff57cdd565aacd56dd00f2f5fcfda54c7a0766e8c
Size: 64.36 kB - pacemaker-remote-1.1.19-8.el7.5.x86_64.rpm
MD5: c73a71c1d08f6c52ac05fcbf41a0cb47
SHA-256: e8a2b3c297705abbc43c7fa0509095b37bdf2cb3cde538f7fbee60d7723107bd
Size: 150.64 kB - pacemaker-cluster-libs-1.1.19-8.el7.5.i686.rpm
MD5: 97ea394f0b8a74b47d0aaaa9b6b3f242
SHA-256: 2d8ad3e3ee96c817ac8f3db4aa9a7cf49460337aa5edf2f4e643ee2b1ecf9d23
Size: 154.72 kB - pacemaker-libs-1.1.19-8.el7.5.i686.rpm
MD5: f8a650d7ff648b1500162581a7f2f66e
SHA-256: cdb8c378e23c0c1505aeceb6119fcfa557a1a63a6871e47ceb4a28890cfad25f
Size: 597.87 kB - pacemaker-libs-devel-1.1.19-8.el7.5.i686.rpm
MD5: f3f4873e7b18c11d7a63def75fe0dd1b
SHA-256: e7ab8ea2762aa6a039ee9a0c96636e4b56a8aa1d82bf96d8a08092a996ecd1cb
Size: 1.81 MB