ID CVE-2015-1867
Summary Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux_high_availability:6.0
    cpe:2.3:o:redhat:enterprise_linux_high_availability:6.0
  • cpe:2.3:o:redhat:enterprise_linux_high_availability:7.0
    cpe:2.3:o:redhat:enterprise_linux_high_availability:7.0
  • cpe:2.3:o:redhat:enterprise_linux_resilient_storage:6.0
    cpe:2.3:o:redhat:enterprise_linux_resilient_storage:6.0
  • cpe:2.3:o:redhat:enterprise_linux_resilient_storage:7.0
    cpe:2.3:o:redhat:enterprise_linux_resilient_storage:7.0
  • ClusterLabs Pacemaker 1.1.12 -
    cpe:2.3:a:clusterlabs:pacemaker:1.1.12
CVSS
Base: 7.5 (as of 02-08-2016 - 11:21)
Impact:
Exploitability:
CWE CWE-264
CAPEC
  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Blue Boxing
    This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
  • Restful Privilege Elevation
    Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
  • Target Programs with Elevated Privileges
    This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1424.NASL
    description Updated pacemaker packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Pacemaker Resource Manager is a collection of technologies working together to provide data integrity and the ability to maintain application availability in the event of a failure. A flaw was found in the way pacemaker, a cluster resource manager, evaluated added nodes in certain situations. A user with read-only access could potentially assign any other existing roles to themselves and then add privileges to other users as well. (CVE-2015-1867) This update also fixes the following bugs : * Due to a race condition, nodes that gracefully shut down occasionally had difficulty rejoining the cluster. As a consequence, nodes could come online and be shut down again immediately by the cluster. This bug has been fixed, and the 'shutdown' attribute is now cleared properly. (BZ#1198638) * Prior to this update, the pacemaker utility caused an unexpected termination of the attrd daemon after a system update to Red Hat Enterprise Linux 6.6. The bug has been fixed so that attrd no longer crashes when pacemaker starts. (BZ#1205292) * Previously, the access control list (ACL) of the pacemaker utility allowed a role assignment to the Cluster Information Base (CIB) with a read-only permission. With this update, ACL is enforced and can no longer be bypassed by the user without the write permission, thus fixing this bug. (BZ#1207621) * Prior to this update, the ClusterMon (crm_mon) utility did not trigger an external agent script with the '-E' parameter to monitor the Cluster Information Base (CIB) when the pacemaker utility was used. A patch has been provided to fix this bug, and crm_mon now calls the agent script when the '-E' parameter is used. (BZ#1208896) Users of pacemaker are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 84946
    published 2015-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84946
    title RHEL 6 : pacemaker (RHSA-2015:1424)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1424.NASL
    description Updated pacemaker packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Pacemaker Resource Manager is a collection of technologies working together to provide data integrity and the ability to maintain application availability in the event of a failure. A flaw was found in the way pacemaker, a cluster resource manager, evaluated added nodes in certain situations. A user with read-only access could potentially assign any other existing roles to themselves and then add privileges to other users as well. (CVE-2015-1867) This update also fixes the following bugs : * Due to a race condition, nodes that gracefully shut down occasionally had difficulty rejoining the cluster. As a consequence, nodes could come online and be shut down again immediately by the cluster. This bug has been fixed, and the 'shutdown' attribute is now cleared properly. (BZ#1198638) * Prior to this update, the pacemaker utility caused an unexpected termination of the attrd daemon after a system update to Red Hat Enterprise Linux 6.6. The bug has been fixed so that attrd no longer crashes when pacemaker starts. (BZ#1205292) * Previously, the access control list (ACL) of the pacemaker utility allowed a role assignment to the Cluster Information Base (CIB) with a read-only permission. With this update, ACL is enforced and can no longer be bypassed by the user without the write permission, thus fixing this bug. (BZ#1207621) * Prior to this update, the ClusterMon (crm_mon) utility did not trigger an external agent script with the '-E' parameter to monitor the Cluster Information Base (CIB) when the pacemaker utility was used. A patch has been provided to fix this bug, and crm_mon now calls the agent script when the '-E' parameter is used. (BZ#1208896) Users of pacemaker are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85020
    published 2015-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85020
    title CentOS 6 : pacemaker (CESA-2015:1424)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-2383.NASL
    description Updated pacemaker packages that fix one security issue, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Pacemaker Resource Manager is a collection of technologies working together to provide data integrity and the ability to maintain application availability in the event of a failure. A flaw was found in the way pacemaker, a cluster resource manager, evaluated added nodes in certain situations. A user with read-only access could potentially assign any other existing roles to themselves and then add privileges to other users as well. (CVE-2015-1867) The pacemaker packages have been upgraded to upstream version 1.1.13, which provides a number of bug fixes and enhancements over the previous version. (BZ#1234680) This update also fixes the following bugs : * When a Pacemaker cluster included an Apache resource, and Apache's mod_systemd module was enabled, systemd rejected notifications sent by Apache. As a consequence, a large number of errors in the following format appeared in the system log : Got notification message from PID XXXX, but reception only permitted for PID YYYY With this update, the lrmd daemon now unsets the 'NOTIFY_SOCKET' variable in the described circumstances, and these error messages are no longer logged. (BZ#1150184) * Previously, specifying a remote guest node as a part of a group resource in a Pacemaker cluster caused the node to stop working. This update adds support for remote guests in Pacemaker group resources, and the described problem no longer occurs. (BZ#1168637) * When a resource in a Pacemaker cluster failed to start, Pacemaker updated the resource's last failure time and incremented its fail count even if the 'on-fail=ignore' option was used. This in some cases caused unintended resource migrations when a resource start failure occurred. Now, Pacemaker does not update the fail count when 'on-fail=ignore' is used. As a result, the failure is displayed in the cluster status output, but is properly ignored and thus does not cause resource migration. (BZ#1200849) * Previously, Pacemaker supported semicolon characters (';') as delimiters when parsing the pcmk_host_map string, but not when parsing the pcmk_host_list string. To ensure consistent user experience, semicolons are now supported as delimiters for parsing pcmk_host_list, as well. (BZ#1206232) In addition, this update adds the following enhancements : * If a Pacemaker location constraint has the 'resource-discovery=never' option, Pacemaker now does not attempt to determine whether a specified service is running on the specified node. In addition, if multiple location constraints for a given resource specify 'resource-discovery=exclusive', then Pacemaker attempts resource discovery only on the nodes specified in those constraints. This allows Pacemaker to skip resource discovery on nodes where attempting the operation would lead to error or other undesirable behavior. (BZ#1108853) * The procedure of configuring fencing for redundant power supplies has been simplified in order to prevent multiple nodes accessing cluster resources at the same time and thus causing data corruption. For further information, see the 'Fencing: Configuring STONITH' chapter of the High Availability Add-On Reference manual. (BZ#1206647) * The output of the 'crm_mon' and 'pcs_status' commands has been modified to be clearer and more concise, and thus easier to read when reporting the status of a Pacemaker cluster with a large number of remote nodes and cloned resources. (BZ#1115840) All pacemaker users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 87155
    published 2015-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87155
    title CentOS 7 : pacemaker (CESA-2015:2383)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-F9864ECD8F.NASL
    description Security fix for CVE-2015-1867: issue allegedly present in pacemaker-1.1.12, fixed in pacemaker-1.1.13. * * * pacemaker-1.1.13-3.fc{21,22,23} - Update to Pacemaker-1.1.13 post-release + patches (sync) - Add nagios-plugins-metadata subpackage enabling support of selected Nagios plugins as resources recognized by Pacemaker - Several specfile improvements: drop irrelevant stuff, rehash the included/excluded files + dependencies, add check scriptlet, reflect current packaging practice, do minor cleanups (mostly adopted from another spec) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-03-04
    plugin id 89464
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89464
    title Fedora 23 : pacemaker-1.1.13-3.fc23 (2015-f9864ecd8f)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-E5E36BBB87.NASL
    description Security fix for CVE-2015-1867: issue allegedly present in pacemaker-1.1.12, fixed in pacemaker-1.1.13. * * * pacemaker-1.1.13-3.fc{21,22,23} - Update to Pacemaker-1.1.13 post-release + patches (sync) - Add nagios-plugins-metadata subpackage enabling support of selected Nagios plugins as resources recognized by Pacemaker - Several specfile improvements: drop irrelevant stuff, rehash the included/excluded files + dependencies, add check scriptlet, reflect current packaging practice, do minor cleanups (mostly adopted from another spec) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-03-04
    plugin id 89444
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89444
    title Fedora 21 : pacemaker-1.1.13-3.fc21 (2015-e5e36bbb87)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-F6860D8F9D.NASL
    description Security fix for CVE-2015-1867: issue allegedly present in pacemaker-1.1.12, fixed in pacemaker-1.1.13. * * * pacemaker-1.1.13-3.fc{21,22,23} - Update to Pacemaker-1.1.13 post-release + patches (sync) - Add nagios-plugins-metadata subpackage enabling support of selected Nagios plugins as resources recognized by Pacemaker - Several specfile improvements: drop irrelevant stuff, rehash the included/excluded files + dependencies, add check scriptlet, reflect current packaging practice, do minor cleanups (mostly adopted from another spec) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-03-04
    plugin id 89462
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89462
    title Fedora 22 : pacemaker-1.1.13-3.fc22 (2015-f6860d8f9d)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201710-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-201710-08 (Pacemaker: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Pacemaker. Please review the referenced CVE identifiers for details. Impact : A remote attacker could execute arbitrary code or a local attacker could escalate privileges. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2019-01-08
    plugin id 103726
    published 2017-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103726
    title GLSA-201710-08 : Pacemaker: Multiple vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150722_PACEMAKER_ON_SL6_X.NASL
    description A flaw was found in the way pacemaker, a cluster resource manager, evaluated added nodes in certain situations. A user with read-only access could potentially assign any other existing roles to themselves and then add privileges to other users as well. (CVE-2015-1867) This update also fixes the following bugs : - Due to a race condition, nodes that gracefully shut down occasionally had difficulty rejoining the cluster. As a consequence, nodes could come online and be shut down again immediately by the cluster. This bug has been fixed, and the 'shutdown' attribute is now cleared properly. - Prior to this update, the pacemaker utility caused an unexpected termination of the attrd daemon after a system update to Scientific Linux 6.6. The bug has been fixed so that attrd no longer crashes when pacemaker starts. - Previously, the access control list (ACL) of the pacemaker utility allowed a role assignment to the Cluster Information Base (CIB) with a read-only permission. With this update, ACL is enforced and can no longer be bypassed by the user without the write permission, thus fixing this bug. - Prior to this update, the ClusterMon (crm_mon) utility did not trigger an external agent script with the '-E' parameter to monitor the Cluster Information Base (CIB) when the pacemaker utility was used. A patch has been provided to fix this bug, and crm_mon now calls the agent script when the '-E' parameter is used.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 85204
    published 2015-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85204
    title Scientific Linux Security Update : pacemaker on SL6.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-2383.NASL
    description Updated pacemaker packages that fix one security issue, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Pacemaker Resource Manager is a collection of technologies working together to provide data integrity and the ability to maintain application availability in the event of a failure. A flaw was found in the way pacemaker, a cluster resource manager, evaluated added nodes in certain situations. A user with read-only access could potentially assign any other existing roles to themselves and then add privileges to other users as well. (CVE-2015-1867) The pacemaker packages have been upgraded to upstream version 1.1.13, which provides a number of bug fixes and enhancements over the previous version. (BZ#1234680) This update also fixes the following bugs : * When a Pacemaker cluster included an Apache resource, and Apache's mod_systemd module was enabled, systemd rejected notifications sent by Apache. As a consequence, a large number of errors in the following format appeared in the system log : Got notification message from PID XXXX, but reception only permitted for PID YYYY With this update, the lrmd daemon now unsets the 'NOTIFY_SOCKET' variable in the described circumstances, and these error messages are no longer logged. (BZ#1150184) * Previously, specifying a remote guest node as a part of a group resource in a Pacemaker cluster caused the node to stop working. This update adds support for remote guests in Pacemaker group resources, and the described problem no longer occurs. (BZ#1168637) * When a resource in a Pacemaker cluster failed to start, Pacemaker updated the resource's last failure time and incremented its fail count even if the 'on-fail=ignore' option was used. This in some cases caused unintended resource migrations when a resource start failure occurred. Now, Pacemaker does not update the fail count when 'on-fail=ignore' is used. As a result, the failure is displayed in the cluster status output, but is properly ignored and thus does not cause resource migration. (BZ#1200849) * Previously, Pacemaker supported semicolon characters (';') as delimiters when parsing the pcmk_host_map string, but not when parsing the pcmk_host_list string. To ensure consistent user experience, semicolons are now supported as delimiters for parsing pcmk_host_list, as well. (BZ#1206232) In addition, this update adds the following enhancements : * If a Pacemaker location constraint has the 'resource-discovery=never' option, Pacemaker now does not attempt to determine whether a specified service is running on the specified node. In addition, if multiple location constraints for a given resource specify 'resource-discovery=exclusive', then Pacemaker attempts resource discovery only on the nodes specified in those constraints. This allows Pacemaker to skip resource discovery on nodes where attempting the operation would lead to error or other undesirable behavior. (BZ#1108853) * The procedure of configuring fencing for redundant power supplies has been simplified in order to prevent multiple nodes accessing cluster resources at the same time and thus causing data corruption. For further information, see the 'Fencing: Configuring STONITH' chapter of the High Availability Add-On Reference manual. (BZ#1206647) * The output of the 'crm_mon' and 'pcs_status' commands has been modified to be clearer and more concise, and thus easier to read when reporting the status of a Pacemaker cluster with a large number of remote nodes and cloned resources. (BZ#1115840) All pacemaker users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86987
    published 2015-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86987
    title RHEL 7 : pacemaker (RHSA-2015:2383)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20151119_PACEMAKER_ON_SL7_X.NASL
    description A flaw was found in the way pacemaker, a cluster resource manager, evaluated added nodes in certain situations. A user with read-only access could potentially assign any other existing roles to themselves and then add privileges to other users as well. (CVE-2015-1867) The pacemaker packages have been upgraded to upstream version 1.1.13, which provides a number of bug fixes and enhancements over the previous version. This update also fixes the following bugs : - When a Pacemaker cluster included an Apache resource, and Apache's mod_systemd module was enabled, systemd rejected notifications sent by Apache. As a consequence, a large number of errors in the following format appeared in the system log : Got notification message from PID XXXX, but reception only permitted for PID YYYY With this update, the lrmd daemon now unsets the 'NOTIFY_SOCKET' variable in the described circumstances, and these error messages are no longer logged. - Previously, specifying a remote guest node as a part of a group resource in a Pacemaker cluster caused the node to stop working. This update adds support for remote guests in Pacemaker group resources, and the described problem no longer occurs. - When a resource in a Pacemaker cluster failed to start, Pacemaker updated the resource's last failure time and incremented its fail count even if the 'on-fail=ignore' option was used. This in some cases caused unintended resource migrations when a resource start failure occurred. Now, Pacemaker does not update the fail count when 'on-fail=ignore' is used. As a result, the failure is displayed in the cluster status output, but is properly ignored and thus does not cause resource migration. - Previously, Pacemaker supported semicolon characters (';') as delimiters when parsing the pcmk_host_map string, but not when parsing the pcmk_host_list string. To ensure consistent user experience, semicolons are now supported as delimiters for parsing pcmk_host_list, as well. In addition, this update adds the following enhancements : - If a Pacemaker location constraint has the 'resource-discovery=never' option, Pacemaker now does not attempt to determine whether a specified service is running on the specified node. In addition, if multiple location constraints for a given resource specify 'resource- discovery=exclusive', then Pacemaker attempts resource discovery only on the nodes specified in those constraints. This allows Pacemaker to skip resource discovery on nodes where attempting the operation would lead to error or other undesirable behavior. - The procedure of configuring fencing for redundant power supplies has been simplified in order to prevent multiple nodes accessing cluster resources at the same time and thus causing data corruption. For further information, see the 'Fencing: Configuring STONITH' chapter of the High Availability Add-On Reference manual. - The output of the 'crm_mon' and 'pcs_status' commands has been modified to be clearer and more concise, and thus easier to read when reporting the status of a Pacemaker cluster with a large number of remote nodes and cloned resources.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 87568
    published 2015-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87568
    title Scientific Linux Security Update : pacemaker on SL7.x x86_64
redhat via4
advisories
  • bugzilla
    id 1211370
    title CVE-2015-1867 pacemaker: acl read-only access allow role assignment
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment pacemaker is earlier than 0:1.1.12-8.el6
          oval oval:com.redhat.rhsa:tst:20151424011
        • comment pacemaker is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635006
      • AND
        • comment pacemaker-cli is earlier than 0:1.1.12-8.el6
          oval oval:com.redhat.rhsa:tst:20151424005
        • comment pacemaker-cli is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635014
      • AND
        • comment pacemaker-cluster-libs is earlier than 0:1.1.12-8.el6
          oval oval:com.redhat.rhsa:tst:20151424015
        • comment pacemaker-cluster-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635016
      • AND
        • comment pacemaker-cts is earlier than 0:1.1.12-8.el6
          oval oval:com.redhat.rhsa:tst:20151424009
        • comment pacemaker-cts is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635018
      • AND
        • comment pacemaker-doc is earlier than 0:1.1.12-8.el6
          oval oval:com.redhat.rhsa:tst:20151424013
        • comment pacemaker-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635012
      • AND
        • comment pacemaker-libs is earlier than 0:1.1.12-8.el6
          oval oval:com.redhat.rhsa:tst:20151424017
        • comment pacemaker-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635008
      • AND
        • comment pacemaker-libs-devel is earlier than 0:1.1.12-8.el6
          oval oval:com.redhat.rhsa:tst:20151424019
        • comment pacemaker-libs-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635010
      • AND
        • comment pacemaker-remote is earlier than 0:1.1.12-8.el6
          oval oval:com.redhat.rhsa:tst:20151424007
        • comment pacemaker-remote is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635020
    rhsa
    id RHSA-2015:1424
    released 2015-07-22
    severity Moderate
    title RHSA-2015:1424: pacemaker security and bug fix update (Moderate)
  • bugzilla
    id 1267265
    title introduces regression for Clone and M/S resources
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment pacemaker is earlier than 0:1.1.13-10.el7
          oval oval:com.redhat.rhsa:tst:20152383013
        • comment pacemaker is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635006
      • AND
        • comment pacemaker-cli is earlier than 0:1.1.13-10.el7
          oval oval:com.redhat.rhsa:tst:20152383017
        • comment pacemaker-cli is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635014
      • AND
        • comment pacemaker-cluster-libs is earlier than 0:1.1.13-10.el7
          oval oval:com.redhat.rhsa:tst:20152383005
        • comment pacemaker-cluster-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635016
      • AND
        • comment pacemaker-cts is earlier than 0:1.1.13-10.el7
          oval oval:com.redhat.rhsa:tst:20152383011
        • comment pacemaker-cts is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635018
      • AND
        • comment pacemaker-doc is earlier than 0:1.1.13-10.el7
          oval oval:com.redhat.rhsa:tst:20152383019
        • comment pacemaker-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635012
      • AND
        • comment pacemaker-libs is earlier than 0:1.1.13-10.el7
          oval oval:com.redhat.rhsa:tst:20152383007
        • comment pacemaker-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635008
      • AND
        • comment pacemaker-libs-devel is earlier than 0:1.1.13-10.el7
          oval oval:com.redhat.rhsa:tst:20152383015
        • comment pacemaker-libs-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635010
      • AND
        • comment pacemaker-nagios-plugins-metadata is earlier than 0:1.1.13-10.el7
          oval oval:com.redhat.rhsa:tst:20152383009
        • comment pacemaker-nagios-plugins-metadata is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152383010
      • AND
        • comment pacemaker-remote is earlier than 0:1.1.13-10.el7
          oval oval:com.redhat.rhsa:tst:20152383021
        • comment pacemaker-remote is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131635020
    rhsa
    id RHSA-2015:2383
    released 2015-11-19
    severity Moderate
    title RHSA-2015:2383: pacemaker security, bug fix, and enhancement update (Moderate)
rpms
  • pacemaker-0:1.1.12-8.el6
  • pacemaker-cli-0:1.1.12-8.el6
  • pacemaker-cluster-libs-0:1.1.12-8.el6
  • pacemaker-cts-0:1.1.12-8.el6
  • pacemaker-doc-0:1.1.12-8.el6
  • pacemaker-libs-0:1.1.12-8.el6
  • pacemaker-libs-devel-0:1.1.12-8.el6
  • pacemaker-remote-0:1.1.12-8.el6
  • pacemaker-0:1.1.13-10.el7
  • pacemaker-cli-0:1.1.13-10.el7
  • pacemaker-cluster-libs-0:1.1.13-10.el7
  • pacemaker-cts-0:1.1.13-10.el7
  • pacemaker-doc-0:1.1.13-10.el7
  • pacemaker-libs-0:1.1.13-10.el7
  • pacemaker-libs-devel-0:1.1.13-10.el7
  • pacemaker-nagios-plugins-metadata-0:1.1.13-10.el7
  • pacemaker-remote-0:1.1.13-10.el7
refmap via4
bid 74231
confirm
fedora
  • FEDORA-2015-e5e36bbb87
  • FEDORA-2015-f6860d8f9d
  • FEDORA-2015-f9864ecd8f
gentoo GLSA-201710-08
Last major update 07-12-2016 - 13:09
Published 12-08-2015 - 10:59
Last modified 09-10-2017 - 21:30
Back to Top