SUSE-SU-2016:3162-1
Vulnerability from csaf_suse - Published: 2016-12-15 13:52 - Updated: 2016-12-15 13:52Summary
Security update for pacemaker
Notes
Title of the patch
Security update for pacemaker
Description of the patch
This update for pacemaker fixes one security issue and several non-security issues.
The following security issue has been fixed:
- libcrmcommon: Fix improper IPC guarding. (bsc#1007433, CVE-2016-7035)
The following non-security issues have been fixed:
- Add logrotate to reqs of pacemaker-cli.
- Add $remote_fs dependencies to the init scripts.
- all: Clarify licensing and copyrights.
- attrd,ipc: Prevent possible segfault on exit. (bsc#986056)
- attrd, libcrmcommon: Validate attrd requests better.
- attrd_updater: Fix usage of HAVE_ATOMIC_ATTRD.
- cib/fencing: Set status callback before connecting to cluster. (bsc#974108)
- ClusterMon: Fix to avoid matching other process with the same PID.
- crmd: Acknowledge cancellation operations for remote connection resources. (bsc#976865)
- crmd: Avoid timeout on older peers when cancelling a resource operation.
- crmd: Record pending operations in the CIB before they are performed. (bsc#1003565)
- crmd: Clear remote node operation history only when it comes up.
- crmd: Clear remote node transient attributes on disconnect. (bsc#981489)
- crmd: Don't abort transitions for CIB comment changes.
- crmd: Ensure the R_SHUTDOWN is set whenever we ask the DC to shut us down.
- crmd: Get full action information earlier. (bsc#981731)
- crmd: Graceful proxy shutdown is now tested. (bsc#981489)
- crmd: Keep a state of LRMD in the DC node latest.
- crmd,lrmd,liblrmd: Use defined constants for lrmd IPC operations. (bsc#981489)
- crmd: Mention that graceful remote shutdowns may cause connection failures. (bsc#981489)
- crmd/pengine: Handle on-fail=ignore properly. (bsc#981731)
- crmd/pengine: Implement on-fail=ignore without allow-fail. (bsc#981731)
- crmd: Remove dead code. (bsc#981731)
- crmd: Rename action number variable in process_graph_event(). (bsc#981731)
- crmd: Resend the shutdown request if the DC forgets.
- crmd: Respect start-failure-is-fatal even for artificially injected events. (bsc#981731)
- crmd: Set remote flag when gracefully shutting down remote nodes. (bsc#981489)
- crmd: Set the shutdown transient attribute in response to LRMD_IPC_OP_SHUTDOWN_REQ from remote nodes. (bsc#981489)
- crmd: Support graceful pacemaker_remote stops. (bsc#981489)
- crmd: Take start-delay into account for the timeout of the action timer. (bsc#977258)
- crmd: Use defined constant for magic 'direct nack' RC. (bsc#981731)
- crmd: Use proper resource agent name when caching metadata.
- crmd: When node load was reduced, crmd carries out a feasible action.
- crm_mon: Avoid logging errors for any CIB changes that we don't care about. (bsc#986931)
- crm_mon: Consistently print ms resource state.
- crm_mon: Do not call setenv with null value.
- crm_mon: Do not log errors for the known CIB changes that should be ignored. (bsc#986931)
- crm_mon: Fix time formatting on x32.
- cts: Avoid kill usage error if DummySD stop called when already stopped.
- CTS: Get Reattach test working again and up-to-date. (bsc#953192)
- cts: Simulate pacemaker_remote failure with kill. (bsc#981489)
- fencing/fence_legacy: Search capable devices by querying them through 'list' action for cluster-glue stonith
agents. (bsc#986265)
- fencing: Record the last known names of nodes to make sure fencing requested with nodeid works. (bsc#974108)
- libais,libcluster,libcrmcommon,liblrmd: Don't use %z specifier.
- libcib,libfencing,libtransition: Handle memory allocation errors without CRM_CHECK().
- lib: Correction of the deletion of the notice registration.
- libcrmcommon: Correct directory name in log message.
- libcrmcommon: Ensure crm_time_t structure is fully initialized by API calls.
- libcrmcommon: Log XML comments correctly.
- libcrmcommon: Properly handle XML comments when comparing v2 patchset diffs.
- libcrmcommon: Really ensure crm_time_t structure is fully initialized by API calls.
- libcrmcommon: Remove extraneous format specifier from log message.
- libcrmcommon: Report errors consistently when waiting for data on connection. (bsc#986644)
- libfencing: Report added node ID correctly.
- liblrmd: Avoid memory leak when closing or deleting lrmd connections.
- libpengine: Allow pe_order_same_node option for constraints.
- libpengine: Log message when stonith disabled, not enabled.
- libpengine: Only log startup-fencing warning once.
- libtransition: Potential memory leak if unpacking action fails.
- lrmd: Handle shutdown a little more cleanly. (bsc#981489)
- lrmd,libcluster: Ensure g_hash_table_foreach() is never passed a null table.
- lrmd,liblrmd: Add lrmd IPC operations for requesting and acknowledging shutdown. (bsc#981489)
- lrmd: Make proxied IPC providers/clients opaque. (bsc#981489)
- mcp: Improve comments for sysconfig options.
- pacemaker_remote: Set LSB Provides header to the service name.
- pacemaker_remote: Support graceful stops. (bsc#981489)
- PE: Correctly update the dependent actions of un-runnable clones.
- PE: Honor the shutdown transient attributes for remote nodes. (bsc#981489)
- pengine: Avoid memory leak when invalid constraint involves set.
- pengine: Avoid null dereference in new same-node ordering option.
- pengine: Avoid transition loop for start-then-stop + unfencing.
- pengine: Avoid use-after-free with location constraint + sets + templates.
- pengine: Better error handling when unpacking sets in location constraints.
- pengine: Consider resource failed if any of the configured monitor operations failed. (bsc#972187)
- pengine: Correction of the record judgment of the failed information.
- pengine: Do not fence a maintenance node if it shuts down cleanly. (bsc#1000743)
- pengine: Correctly set the environment variable 'OCF_RESKEY_CRM_meta_timeout' when 'start-delay' is configured.
(bsc#977258)
- pengine: Only set unfencing constraints once.
- pengine: Organize order of actions for master resources in anti-colocations. (bsc#977800)
- pengine: Organize order of actions for slave resources in anti-colocations. (bsc#977800)
- pengine: Properly order stop actions relative to stonith.
- pengine: Respect asymmetrical ordering when trying to move resources. (bsc#977675)
- pengine: Set OCF_RESKEY_CRM_meta_notify_active_* for multistate resources.
- pengine,tools: Display pending resource state by default when it's available. (bsc#986201)
- ping: Avoid temp files in fping_check. (bsc#987348)
- ping: Avoid temporary files for fping check. (bsc#987348)
- ping: Log sensible error when /tmp is full. (bsc#987348)
- ping resource: Use fping6 for IPv6 hosts. (bsc#976271)
- RA/SysInfo: Reset the node attribute '#health_disk' to 'green' when there's sufficient free disk. (bsc#975079)
- remote: Allow cluster and remote LRM API versions to diverge. (bsc#1009076)
- remote: Correctly calculate the remaining timeouts when receiving messages. (bsc#986644)
- resources: Use OCF version tagging correctly.
- services: Correctly clean up service actions for non-dbus case.
- spec: fence_pcmk only eligible for Pacemaker+CMAN.
- stonithd: Correction of the wrong connection process name.
- sysconfig: Minor tweaks (typo, wording).
- tools: Avoid memory leaks in crm_resource --restart.
- tools: Avoid memory leak when crm_mon unpacks constraints.
- tools: Correctly count starting resources when doing crm_resource --restart.
- tools: crm_resource -T option should not be hidden anymore.
- tools: crm_standby --version/--help should work without cluster.
- tools: Do not send command lines to syslog. (bsc#986676)
- tools: Do not assume all resources restart on same node with crm_resource --restart.
- tools: Don't require node to be known to crm_resource when deleting attribute.
- tools: Properly handle crm_resource --restart with a resource in a group.
- tools: Remember any existing target-role when doing crm_resource --restart.
- various: Issues discovered via valgrind and coverity.
Additionally, the following references have been added to the changelog:
bsc#970733, fate#318381, bsc#1002767, CVE-2016-7797, bsc#971129
Patchnames
slehasp4-pacemaker-12889
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for pacemaker",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for pacemaker fixes one security issue and several non-security issues.\n\nThe following security issue has been fixed:\n\n- libcrmcommon: Fix improper IPC guarding. (bsc#1007433, CVE-2016-7035)\n\nThe following non-security issues have been fixed:\n\n- Add logrotate to reqs of pacemaker-cli.\n- Add $remote_fs dependencies to the init scripts.\n- all: Clarify licensing and copyrights.\n- attrd,ipc: Prevent possible segfault on exit. (bsc#986056)\n- attrd, libcrmcommon: Validate attrd requests better.\n- attrd_updater: Fix usage of HAVE_ATOMIC_ATTRD.\n- cib/fencing: Set status callback before connecting to cluster. (bsc#974108)\n- ClusterMon: Fix to avoid matching other process with the same PID.\n- crmd: Acknowledge cancellation operations for remote connection resources. (bsc#976865)\n- crmd: Avoid timeout on older peers when cancelling a resource operation.\n- crmd: Record pending operations in the CIB before they are performed. (bsc#1003565)\n- crmd: Clear remote node operation history only when it comes up.\n- crmd: Clear remote node transient attributes on disconnect. (bsc#981489)\n- crmd: Don\u0027t abort transitions for CIB comment changes.\n- crmd: Ensure the R_SHUTDOWN is set whenever we ask the DC to shut us down.\n- crmd: Get full action information earlier. (bsc#981731)\n- crmd: Graceful proxy shutdown is now tested. (bsc#981489)\n- crmd: Keep a state of LRMD in the DC node latest.\n- crmd,lrmd,liblrmd: Use defined constants for lrmd IPC operations. (bsc#981489)\n- crmd: Mention that graceful remote shutdowns may cause connection failures. (bsc#981489)\n- crmd/pengine: Handle on-fail=ignore properly. (bsc#981731)\n- crmd/pengine: Implement on-fail=ignore without allow-fail. (bsc#981731)\n- crmd: Remove dead code. (bsc#981731)\n- crmd: Rename action number variable in process_graph_event(). (bsc#981731)\n- crmd: Resend the shutdown request if the DC forgets.\n- crmd: Respect start-failure-is-fatal even for artificially injected events. (bsc#981731)\n- crmd: Set remote flag when gracefully shutting down remote nodes. (bsc#981489)\n- crmd: Set the shutdown transient attribute in response to LRMD_IPC_OP_SHUTDOWN_REQ from remote nodes. (bsc#981489)\n- crmd: Support graceful pacemaker_remote stops. (bsc#981489)\n- crmd: Take start-delay into account for the timeout of the action timer. (bsc#977258)\n- crmd: Use defined constant for magic \u0027direct nack\u0027 RC. (bsc#981731)\n- crmd: Use proper resource agent name when caching metadata.\n- crmd: When node load was reduced, crmd carries out a feasible action.\n- crm_mon: Avoid logging errors for any CIB changes that we don\u0027t care about. (bsc#986931)\n- crm_mon: Consistently print ms resource state.\n- crm_mon: Do not call setenv with null value.\n- crm_mon: Do not log errors for the known CIB changes that should be ignored. (bsc#986931)\n- crm_mon: Fix time formatting on x32.\n- cts: Avoid kill usage error if DummySD stop called when already stopped.\n- CTS: Get Reattach test working again and up-to-date. (bsc#953192)\n- cts: Simulate pacemaker_remote failure with kill. (bsc#981489)\n- fencing/fence_legacy: Search capable devices by querying them through \u0027list\u0027 action for cluster-glue stonith \n agents. (bsc#986265)\n- fencing: Record the last known names of nodes to make sure fencing requested with nodeid works. (bsc#974108)\n- libais,libcluster,libcrmcommon,liblrmd: Don\u0027t use %z specifier.\n- libcib,libfencing,libtransition: Handle memory allocation errors without CRM_CHECK().\n- lib: Correction of the deletion of the notice registration.\n- libcrmcommon: Correct directory name in log message.\n- libcrmcommon: Ensure crm_time_t structure is fully initialized by API calls.\n- libcrmcommon: Log XML comments correctly.\n- libcrmcommon: Properly handle XML comments when comparing v2 patchset diffs.\n- libcrmcommon: Really ensure crm_time_t structure is fully initialized by API calls.\n- libcrmcommon: Remove extraneous format specifier from log message.\n- libcrmcommon: Report errors consistently when waiting for data on connection. (bsc#986644)\n- libfencing: Report added node ID correctly.\n- liblrmd: Avoid memory leak when closing or deleting lrmd connections.\n- libpengine: Allow pe_order_same_node option for constraints.\n- libpengine: Log message when stonith disabled, not enabled.\n- libpengine: Only log startup-fencing warning once.\n- libtransition: Potential memory leak if unpacking action fails.\n- lrmd: Handle shutdown a little more cleanly. (bsc#981489)\n- lrmd,libcluster: Ensure g_hash_table_foreach() is never passed a null table.\n- lrmd,liblrmd: Add lrmd IPC operations for requesting and acknowledging shutdown. (bsc#981489)\n- lrmd: Make proxied IPC providers/clients opaque. (bsc#981489)\n- mcp: Improve comments for sysconfig options.\n- pacemaker_remote: Set LSB Provides header to the service name.\n- pacemaker_remote: Support graceful stops. (bsc#981489)\n- PE: Correctly update the dependent actions of un-runnable clones.\n- PE: Honor the shutdown transient attributes for remote nodes. (bsc#981489)\n- pengine: Avoid memory leak when invalid constraint involves set.\n- pengine: Avoid null dereference in new same-node ordering option.\n- pengine: Avoid transition loop for start-then-stop + unfencing.\n- pengine: Avoid use-after-free with location constraint + sets + templates.\n- pengine: Better error handling when unpacking sets in location constraints.\n- pengine: Consider resource failed if any of the configured monitor operations failed. (bsc#972187)\n- pengine: Correction of the record judgment of the failed information.\n- pengine: Do not fence a maintenance node if it shuts down cleanly. (bsc#1000743)\n- pengine: Correctly set the environment variable \u0027OCF_RESKEY_CRM_meta_timeout\u0027 when \u0027start-delay\u0027 is configured. \n (bsc#977258)\n- pengine: Only set unfencing constraints once.\n- pengine: Organize order of actions for master resources in anti-colocations. (bsc#977800)\n- pengine: Organize order of actions for slave resources in anti-colocations. (bsc#977800)\n- pengine: Properly order stop actions relative to stonith.\n- pengine: Respect asymmetrical ordering when trying to move resources. (bsc#977675)\n- pengine: Set OCF_RESKEY_CRM_meta_notify_active_* for multistate resources.\n- pengine,tools: Display pending resource state by default when it\u0027s available. (bsc#986201)\n- ping: Avoid temp files in fping_check. (bsc#987348)\n- ping: Avoid temporary files for fping check. (bsc#987348)\n- ping: Log sensible error when /tmp is full. (bsc#987348)\n- ping resource: Use fping6 for IPv6 hosts. (bsc#976271)\n- RA/SysInfo: Reset the node attribute \u0027#health_disk\u0027 to \u0027green\u0027 when there\u0027s sufficient free disk. (bsc#975079)\n- remote: Allow cluster and remote LRM API versions to diverge. (bsc#1009076)\n- remote: Correctly calculate the remaining timeouts when receiving messages. (bsc#986644)\n- resources: Use OCF version tagging correctly.\n- services: Correctly clean up service actions for non-dbus case.\n- spec: fence_pcmk only eligible for Pacemaker+CMAN.\n- stonithd: Correction of the wrong connection process name.\n- sysconfig: Minor tweaks (typo, wording).\n- tools: Avoid memory leaks in crm_resource --restart.\n- tools: Avoid memory leak when crm_mon unpacks constraints.\n- tools: Correctly count starting resources when doing crm_resource --restart.\n- tools: crm_resource -T option should not be hidden anymore.\n- tools: crm_standby --version/--help should work without cluster.\n- tools: Do not send command lines to syslog. (bsc#986676)\n- tools: Do not assume all resources restart on same node with crm_resource --restart.\n- tools: Don\u0027t require node to be known to crm_resource when deleting attribute.\n- tools: Properly handle crm_resource --restart with a resource in a group.\n- tools: Remember any existing target-role when doing crm_resource --restart.\n- various: Issues discovered via valgrind and coverity.\n\nAdditionally, the following references have been added to the changelog:\n\nbsc#970733, fate#318381, bsc#1002767, CVE-2016-7797, bsc#971129\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slehasp4-pacemaker-12889",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_3162-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:3162-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20163162-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:3162-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-December/002489.html"
},
{
"category": "self",
"summary": "SUSE Bug 1000743",
"url": "https://bugzilla.suse.com/1000743"
},
{
"category": "self",
"summary": "SUSE Bug 1002767",
"url": "https://bugzilla.suse.com/1002767"
},
{
"category": "self",
"summary": "SUSE Bug 1003565",
"url": "https://bugzilla.suse.com/1003565"
},
{
"category": "self",
"summary": "SUSE Bug 1007433",
"url": "https://bugzilla.suse.com/1007433"
},
{
"category": "self",
"summary": "SUSE Bug 1009076",
"url": "https://bugzilla.suse.com/1009076"
},
{
"category": "self",
"summary": "SUSE Bug 953192",
"url": "https://bugzilla.suse.com/953192"
},
{
"category": "self",
"summary": "SUSE Bug 970733",
"url": "https://bugzilla.suse.com/970733"
},
{
"category": "self",
"summary": "SUSE Bug 971129",
"url": "https://bugzilla.suse.com/971129"
},
{
"category": "self",
"summary": "SUSE Bug 972187",
"url": "https://bugzilla.suse.com/972187"
},
{
"category": "self",
"summary": "SUSE Bug 974108",
"url": "https://bugzilla.suse.com/974108"
},
{
"category": "self",
"summary": "SUSE Bug 975079",
"url": "https://bugzilla.suse.com/975079"
},
{
"category": "self",
"summary": "SUSE Bug 976271",
"url": "https://bugzilla.suse.com/976271"
},
{
"category": "self",
"summary": "SUSE Bug 976865",
"url": "https://bugzilla.suse.com/976865"
},
{
"category": "self",
"summary": "SUSE Bug 977258",
"url": "https://bugzilla.suse.com/977258"
},
{
"category": "self",
"summary": "SUSE Bug 977675",
"url": "https://bugzilla.suse.com/977675"
},
{
"category": "self",
"summary": "SUSE Bug 977800",
"url": "https://bugzilla.suse.com/977800"
},
{
"category": "self",
"summary": "SUSE Bug 981489",
"url": "https://bugzilla.suse.com/981489"
},
{
"category": "self",
"summary": "SUSE Bug 981731",
"url": "https://bugzilla.suse.com/981731"
},
{
"category": "self",
"summary": "SUSE Bug 986056",
"url": "https://bugzilla.suse.com/986056"
},
{
"category": "self",
"summary": "SUSE Bug 986201",
"url": "https://bugzilla.suse.com/986201"
},
{
"category": "self",
"summary": "SUSE Bug 986265",
"url": "https://bugzilla.suse.com/986265"
},
{
"category": "self",
"summary": "SUSE Bug 986644",
"url": "https://bugzilla.suse.com/986644"
},
{
"category": "self",
"summary": "SUSE Bug 986676",
"url": "https://bugzilla.suse.com/986676"
},
{
"category": "self",
"summary": "SUSE Bug 986931",
"url": "https://bugzilla.suse.com/986931"
},
{
"category": "self",
"summary": "SUSE Bug 987348",
"url": "https://bugzilla.suse.com/987348"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7035 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7797 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7797/"
}
],
"title": "Security update for pacemaker",
"tracking": {
"current_release_date": "2016-12-15T13:52:25Z",
"generator": {
"date": "2016-12-15T13:52:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:3162-1",
"initial_release_date": "2016-12-15T13:52:25Z",
"revision_history": [
{
"date": "2016-12-15T13:52:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpacemaker-devel-1.1.12-18.1.i586",
"product": {
"name": "libpacemaker-devel-1.1.12-18.1.i586",
"product_id": "libpacemaker-devel-1.1.12-18.1.i586"
}
},
{
"category": "product_version",
"name": "libpacemaker3-1.1.12-18.1.i586",
"product": {
"name": "libpacemaker3-1.1.12-18.1.i586",
"product_id": "libpacemaker3-1.1.12-18.1.i586"
}
},
{
"category": "product_version",
"name": "pacemaker-1.1.12-18.1.i586",
"product": {
"name": "pacemaker-1.1.12-18.1.i586",
"product_id": "pacemaker-1.1.12-18.1.i586"
}
},
{
"category": "product_version",
"name": "pacemaker-cli-1.1.12-18.1.i586",
"product": {
"name": "pacemaker-cli-1.1.12-18.1.i586",
"product_id": "pacemaker-cli-1.1.12-18.1.i586"
}
},
{
"category": "product_version",
"name": "pacemaker-remote-1.1.12-18.1.i586",
"product": {
"name": "pacemaker-remote-1.1.12-18.1.i586",
"product_id": "pacemaker-remote-1.1.12-18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libpacemaker-devel-1.1.12-18.1.ia64",
"product": {
"name": "libpacemaker-devel-1.1.12-18.1.ia64",
"product_id": "libpacemaker-devel-1.1.12-18.1.ia64"
}
},
{
"category": "product_version",
"name": "libpacemaker3-1.1.12-18.1.ia64",
"product": {
"name": "libpacemaker3-1.1.12-18.1.ia64",
"product_id": "libpacemaker3-1.1.12-18.1.ia64"
}
},
{
"category": "product_version",
"name": "pacemaker-1.1.12-18.1.ia64",
"product": {
"name": "pacemaker-1.1.12-18.1.ia64",
"product_id": "pacemaker-1.1.12-18.1.ia64"
}
},
{
"category": "product_version",
"name": "pacemaker-cli-1.1.12-18.1.ia64",
"product": {
"name": "pacemaker-cli-1.1.12-18.1.ia64",
"product_id": "pacemaker-cli-1.1.12-18.1.ia64"
}
},
{
"category": "product_version",
"name": "pacemaker-remote-1.1.12-18.1.ia64",
"product": {
"name": "pacemaker-remote-1.1.12-18.1.ia64",
"product_id": "pacemaker-remote-1.1.12-18.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpacemaker-devel-1.1.12-18.1.ppc64",
"product": {
"name": "libpacemaker-devel-1.1.12-18.1.ppc64",
"product_id": "libpacemaker-devel-1.1.12-18.1.ppc64"
}
},
{
"category": "product_version",
"name": "libpacemaker3-1.1.12-18.1.ppc64",
"product": {
"name": "libpacemaker3-1.1.12-18.1.ppc64",
"product_id": "libpacemaker3-1.1.12-18.1.ppc64"
}
},
{
"category": "product_version",
"name": "pacemaker-1.1.12-18.1.ppc64",
"product": {
"name": "pacemaker-1.1.12-18.1.ppc64",
"product_id": "pacemaker-1.1.12-18.1.ppc64"
}
},
{
"category": "product_version",
"name": "pacemaker-cli-1.1.12-18.1.ppc64",
"product": {
"name": "pacemaker-cli-1.1.12-18.1.ppc64",
"product_id": "pacemaker-cli-1.1.12-18.1.ppc64"
}
},
{
"category": "product_version",
"name": "pacemaker-remote-1.1.12-18.1.ppc64",
"product": {
"name": "pacemaker-remote-1.1.12-18.1.ppc64",
"product_id": "pacemaker-remote-1.1.12-18.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpacemaker-devel-1.1.12-18.1.s390x",
"product": {
"name": "libpacemaker-devel-1.1.12-18.1.s390x",
"product_id": "libpacemaker-devel-1.1.12-18.1.s390x"
}
},
{
"category": "product_version",
"name": "libpacemaker3-1.1.12-18.1.s390x",
"product": {
"name": "libpacemaker3-1.1.12-18.1.s390x",
"product_id": "libpacemaker3-1.1.12-18.1.s390x"
}
},
{
"category": "product_version",
"name": "pacemaker-1.1.12-18.1.s390x",
"product": {
"name": "pacemaker-1.1.12-18.1.s390x",
"product_id": "pacemaker-1.1.12-18.1.s390x"
}
},
{
"category": "product_version",
"name": "pacemaker-cli-1.1.12-18.1.s390x",
"product": {
"name": "pacemaker-cli-1.1.12-18.1.s390x",
"product_id": "pacemaker-cli-1.1.12-18.1.s390x"
}
},
{
"category": "product_version",
"name": "pacemaker-remote-1.1.12-18.1.s390x",
"product": {
"name": "pacemaker-remote-1.1.12-18.1.s390x",
"product_id": "pacemaker-remote-1.1.12-18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpacemaker-devel-1.1.12-18.1.x86_64",
"product": {
"name": "libpacemaker-devel-1.1.12-18.1.x86_64",
"product_id": "libpacemaker-devel-1.1.12-18.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpacemaker3-1.1.12-18.1.x86_64",
"product": {
"name": "libpacemaker3-1.1.12-18.1.x86_64",
"product_id": "libpacemaker3-1.1.12-18.1.x86_64"
}
},
{
"category": "product_version",
"name": "pacemaker-1.1.12-18.1.x86_64",
"product": {
"name": "pacemaker-1.1.12-18.1.x86_64",
"product_id": "pacemaker-1.1.12-18.1.x86_64"
}
},
{
"category": "product_version",
"name": "pacemaker-cli-1.1.12-18.1.x86_64",
"product": {
"name": "pacemaker-cli-1.1.12-18.1.x86_64",
"product_id": "pacemaker-cli-1.1.12-18.1.x86_64"
}
},
{
"category": "product_version",
"name": "pacemaker-remote-1.1.12-18.1.x86_64",
"product": {
"name": "pacemaker-remote-1.1.12-18.1.x86_64",
"product_id": "pacemaker-remote-1.1.12-18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 11 SP4",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-hae:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpacemaker-devel-1.1.12-18.1.i586 as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.i586"
},
"product_reference": "libpacemaker-devel-1.1.12-18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpacemaker-devel-1.1.12-18.1.ia64 as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.ia64"
},
"product_reference": "libpacemaker-devel-1.1.12-18.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpacemaker-devel-1.1.12-18.1.ppc64 as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.ppc64"
},
"product_reference": "libpacemaker-devel-1.1.12-18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpacemaker-devel-1.1.12-18.1.s390x as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.s390x"
},
"product_reference": "libpacemaker-devel-1.1.12-18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpacemaker-devel-1.1.12-18.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.x86_64"
},
"product_reference": "libpacemaker-devel-1.1.12-18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpacemaker3-1.1.12-18.1.i586 as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.i586"
},
"product_reference": "libpacemaker3-1.1.12-18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpacemaker3-1.1.12-18.1.ia64 as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.ia64"
},
"product_reference": "libpacemaker3-1.1.12-18.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpacemaker3-1.1.12-18.1.ppc64 as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.ppc64"
},
"product_reference": "libpacemaker3-1.1.12-18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpacemaker3-1.1.12-18.1.s390x as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.s390x"
},
"product_reference": "libpacemaker3-1.1.12-18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpacemaker3-1.1.12-18.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.x86_64"
},
"product_reference": "libpacemaker3-1.1.12-18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pacemaker-1.1.12-18.1.i586 as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.i586"
},
"product_reference": "pacemaker-1.1.12-18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pacemaker-1.1.12-18.1.ia64 as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.ia64"
},
"product_reference": "pacemaker-1.1.12-18.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pacemaker-1.1.12-18.1.ppc64 as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.ppc64"
},
"product_reference": "pacemaker-1.1.12-18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pacemaker-1.1.12-18.1.s390x as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.s390x"
},
"product_reference": "pacemaker-1.1.12-18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pacemaker-1.1.12-18.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.x86_64"
},
"product_reference": "pacemaker-1.1.12-18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pacemaker-cli-1.1.12-18.1.i586 as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.i586"
},
"product_reference": "pacemaker-cli-1.1.12-18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pacemaker-cli-1.1.12-18.1.ia64 as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.ia64"
},
"product_reference": "pacemaker-cli-1.1.12-18.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pacemaker-cli-1.1.12-18.1.ppc64 as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.ppc64"
},
"product_reference": "pacemaker-cli-1.1.12-18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pacemaker-cli-1.1.12-18.1.s390x as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.s390x"
},
"product_reference": "pacemaker-cli-1.1.12-18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pacemaker-cli-1.1.12-18.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.x86_64"
},
"product_reference": "pacemaker-cli-1.1.12-18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pacemaker-remote-1.1.12-18.1.i586 as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.i586"
},
"product_reference": "pacemaker-remote-1.1.12-18.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pacemaker-remote-1.1.12-18.1.ia64 as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.ia64"
},
"product_reference": "pacemaker-remote-1.1.12-18.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pacemaker-remote-1.1.12-18.1.ppc64 as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.ppc64"
},
"product_reference": "pacemaker-remote-1.1.12-18.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pacemaker-remote-1.1.12-18.1.s390x as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.s390x"
},
"product_reference": "pacemaker-remote-1.1.12-18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pacemaker-remote-1.1.12-18.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 11 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.x86_64"
},
"product_reference": "pacemaker-remote-1.1.12-18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-7035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7035"
}
],
"notes": [
{
"category": "general",
"text": "An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7035",
"url": "https://www.suse.com/security/cve/CVE-2016-7035"
},
{
"category": "external",
"summary": "SUSE Bug 1007433 for CVE-2016-7035",
"url": "https://bugzilla.suse.com/1007433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-15T13:52:25Z",
"details": "moderate"
}
],
"title": "CVE-2016-7035"
},
{
"cve": "CVE-2016-7797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7797"
}
],
"notes": [
{
"category": "general",
"text": "Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7797",
"url": "https://www.suse.com/security/cve/CVE-2016-7797"
},
{
"category": "external",
"summary": "SUSE Bug 1002767 for CVE-2016-7797",
"url": "https://bugzilla.suse.com/1002767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker-devel-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:libpacemaker3-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-cli-1.1.12-18.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.i586",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.ia64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.ppc64",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.s390x",
"SUSE Linux Enterprise High Availability Extension 11 SP4:pacemaker-remote-1.1.12-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-12-15T13:52:25Z",
"details": "moderate"
}
],
"title": "CVE-2016-7797"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…