openSUSE Security Update: Security update for pacemaker
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:1825-1
Rating: important
References: #1167171 #1173668 #1175557 #1177916
Cross-References: CVE-2020-25654
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that solves one vulnerability and has three fixes
is now available.
Description:
This update for pacemaker fixes the following issues:
– executor: restrict certain IPC requests to Pacemaker daemons
(CVE-2020-25654, bsc#1177916)
– extra: add vim modelines to agents
– extra: quote shell variables in agent code where appropriate
(bsc#1175557)
– extra: remove trailing whitespace from agent code
– extra: update agent boilerplate (copyright/license notices)
– extra: use 4-space indents in resource agent code
– extra: use “:=” where appropriate in agent code
– fencer: restrict certain IPC requests to privileged users
(CVE-2020-25654, bsc#1177916)
– move bcond_with/without up front for e.g. pcmk_release
– pacemakerd: ignore shutdown requests from unprivileged users
(CVE-2020-25654, bsc#1177916)
– rpm: add spec option for enabling CIB secrets
– rpm: put user-configurable items at top of spec
– rpm: use the user/group ID 90 for haclient/hacluster to be consistent
with cluster-glue (bsc#1167171)
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
– openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-1825=1
Package List:
– openSUSE Leap 15.1 (i586 x86_64):
libpacemaker-devel-2.0.1+20190417.13d370ca9-lp151.2.16.4
libpacemaker3-2.0.1+20190417.13d370ca9-lp151.2.16.4
libpacemaker3-debuginfo-2.0.1+20190417.13d370ca9-lp151.2.16.4
pacemaker-2.0.1+20190417.13d370ca9-lp151.2.16.4
pacemaker-cli-2.0.1+20190417.13d370ca9-lp151.2.16.4
pacemaker-cli-debuginfo-2.0.1+20190417.13d370ca9-lp151.2.16.4
pacemaker-debuginfo-2.0.1+20190417.13d370ca9-lp151.2.16.4
pacemaker-debugsource-2.0.1+20190417.13d370ca9-lp151.2.16.4
pacemaker-remote-2.0.1+20190417.13d370ca9-lp151.2.16.4
pacemaker-remote-debuginfo-2.0.1+20190417.13d370ca9-lp151.2.16.4
– openSUSE Leap 15.1 (noarch):
pacemaker-cts-2.0.1+20190417.13d370ca9-lp151.2.16.4
References:
https://protect2.fireeye.com/v1/url?k=e10ed7b1-be92cdaf-e1094a7d-000babd90757-4d80c4fff0f046dc&q=1&e=b5716659-97ce-40a6-b9c3-6b50f9f335a4&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-25654.html
https://protect2.fireeye.com/v1/url?k=71c8890c-2e549312-71cf14c0-000babd90757-3986042083028fcf&q=1&e=b5716659-97ce-40a6-b9c3-6b50f9f335a4&u=https%3A%2F%2Fbugzilla.suse.com%2F1167171
https://protect2.fireeye.com/v1/url?k=f7cc254d-a8503f53-f7cbb881-000babd90757-78f0c12f80700692&q=1&e=b5716659-97ce-40a6-b9c3-6b50f9f335a4&u=https%3A%2F%2Fbugzilla.suse.com%2F1173668
https://protect2.fireeye.com/v1/url?k=a02f7f55-ffb3654b-a028e299-000babd90757-cf5a05d73f196256&q=1&e=b5716659-97ce-40a6-b9c3-6b50f9f335a4&u=https%3A%2F%2Fbugzilla.suse.com%2F1175557
https://protect2.fireeye.com/v1/url?k=86f5a28e-d969b890-86f23f42-000babd90757-7f05a5816e7e6b40&q=1&e=b5716659-97ce-40a6-b9c3-6b50f9f335a4&u=https%3A%2F%2Fbugzilla.suse.com%2F1177916
—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org