RHSA-2013:1635: pacemaker security, bug fix, and enhancement update
|4||(AV:N/AC:M/Au:N/C:N/I:N/A:P)||November 21, 2013||November 21, 2013||July 04, 2017|
Pacemaker is a high-availability cluster resource manager with a powerfulpolicy engine.A denial of service flaw was found in the way Pacemaker performedauthentication and processing of remote connections in certaincircumstances. When Pacemaker was configured to allow remote ClusterInformation Base (CIB) configuration or resource management, a remoteattacker could use this flaw to cause Pacemaker to block indefinitely(preventing it from serving other requests). (CVE-2013-0281)Note: The default Pacemaker configuration in Red Hat Enterprise Linux 6 hasthe remote CIB management functionality disabled.The pacemaker package has been upgraded to upstream version 1.1.10, whichprovides a number of bug fixes and enhancements over the previous version:(BZ#987355)Additional bug fixes:All pacemaker users are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues and add theseenhancements.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities