Vulnerability & Exploit Database

Back to search

RHSA-2013:1635: pacemaker security, bug fix, and enhancement update

Severity CVSS Published Added Modified
4 (AV:N/AC:M/Au:N/C:N/I:N/A:P) November 21, 2013 November 21, 2013 July 04, 2017

Description

Pacemaker is a high-availability cluster resource manager with a powerfulpolicy engine.A denial of service flaw was found in the way Pacemaker performedauthentication and processing of remote connections in certaincircumstances. When Pacemaker was configured to allow remote ClusterInformation Base (CIB) configuration or resource management, a remoteattacker could use this flaw to cause Pacemaker to block indefinitely(preventing it from serving other requests). (CVE-2013-0281)Note: The default Pacemaker configuration in Red Hat Enterprise Linux 6 hasthe remote CIB management functionality disabled.The pacemaker package has been upgraded to upstream version 1.1.10, whichprovides a number of bug fixes and enhancements over the previous version:(BZ#987355)Additional bug fixes:All pacemaker users are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues and add theseenhancements.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

redhat-upgrade-pacemaker-debuginfo