Pacemaker: Multiple vulnerabilities — GLSA 201710-08

Multiple vulnerabilities have been found in Pacemaker, the worst of which could result in the execution of arbitrary code.

Affected Packages

sys-cluster/pacemaker on all architectures
Affected versions < 1.1.16
Unaffected versions >= 1.1.16

Background

Pacemaker is an Open Source, High Availability resource manager suitable for both small and large clusters.

Description

Multiple vulnerabilities have been discovered in Pacemaker. Please review the referenced CVE identifiers for details.

Impact

A remote attacker could execute arbitrary code or a local attacker could escalate privileges.

Workaround

There is no known workaround at this time.

Resolution

All Pacemaker users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-cluster/pacemaker-1.1.16 "
 

References

Release Date
October 08, 2017

Latest Revision
October 08, 2017: 1

Severity
normal

Exploitable
local, remote

Bugzilla entries