Sigurnosni nedostatak programskog paketa pacemaker

Preporuke

by - 9. studenoga 2020.0

==========================================================================
Ubuntu Security Notice USN-4623-1
November 09, 2020

pacemaker vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Pacemaker could be made to run programs as an administrator.

Software Description:
– pacemaker: Cluster resource manager

Details:

Ken Gaillot discovered that Pacemaker incorrectly handled IPC
communications permissions. A local attacker could possibly use this issue
to bypass ACL restrictions and execute arbitrary code as root.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
pacemaker 2.0.4-2ubuntu3.1

Ubuntu 20.04 LTS:
pacemaker 2.0.3-3ubuntu4.1

Ubuntu 18.04 LTS:
pacemaker 1.1.18-0ubuntu1.3

Ubuntu 16.04 LTS:
pacemaker 1.1.14-2ubuntu1.9

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4623-1
CVE-2020-25654

Package Information:
https://launchpad.net/ubuntu/+source/pacemaker/2.0.4-2ubuntu3.1
https://launchpad.net/ubuntu/+source/pacemaker/2.0.3-3ubuntu4.1
https://launchpad.net/ubuntu/+source/pacemaker/1.1.18-0ubuntu1.3
https://launchpad.net/ubuntu/+source/pacemaker/1.1.14-2ubuntu1.9

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl+pSeIACgkQZWnYVadE
vpOM+A//bXiW0fpS7Sl3cdAd3+XceCEYf2A+fbyaWoztNnWAYRODWWQJ8gKffAzm
cFAv29uCQYKOxqh0isZOcNxUiQt0ofdYWUGIb4/sYJGG0u+bgTnigA/Ms4MM0Dh4
auWJbuw8JwaAPMMFxeAylIgOuorEPMOUmWVQhS+dEG0XgagbZdYwkbgpQkZCTZg9
DoYSN9UC8UV7J55up5m4zAbloGdckMYobpJ1CtQ3ERJFFgN2H9P1cL7l4mqXK5uU
vdqpWpUnmM5uCdfhEOT5cZcDdlH6nxh3+E3xstqY+o6jYTMaZDMiy2CLbePPVqe2
ddhLh1ow11/uEgBaP4lx3VGYX0rFhT9Dj9WsqMtGCoQQ+pmAizXJF6sx6sCgtrcw
JFxckUjOPAHBal9pIRWP6rhfJQ7YJirTe/vz28EB4dUAZ6IWHa4s9rS13MKefajM
JuQ7H/3U+OBD6rhUUn8TX9KK7f+4YFns8VH9d8HaRehqakv5Te1ORF16MRDW2A8P
SeiOrhdFL8zt9TAqZwpBSmm2vxbYoWtQJ0t2yU4D/Fs2ShTW2RsiQgpE97rrluLX
WIstyQ4sGtrBBdww4u+xwhvTddkpR0CLN88MkQVu+qFgBXHIWxy+0R7TkvwqJr9i
FwUUozD97VeroHU0lUeSFKG2THA1XRdWFc5TqqgU6jfii+jnxXc=
=ZCOx
—–END PGP SIGNATURE—–
—

Sigurnosni nedostatak programskog paketa pacemaker

Archives

More in Preporuke

Sigurnosni nedostaci programskog paketa wordpress