Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2019-0394)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2019.0394

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2019-0394)

Resumen: The remote host is missing an update for the 'pacemaker' package(s) announced via the MGASA-2019-0394 advisory.

Descripción: Summary:
The remote host is missing an update for the 'pacemaker' package(s) announced via the MGASA-2019-0394 advisory.

Vulnerability Insight:
The updated packages fix security vulnerabilities:

A use-after-free flaw was found in pacemaker up to and including version
2.0.1 which could result in certain sensitive information to be leaked
via the system logs. (CVE-2019-3885)

A flaw was found in the way pacemaker's client-server authentication was
implemented in versions up to and including 2.0.0. A local attacker could
use this flaw, and combine it with other IPC weaknesses, to achieve local
privilege escalation. (CVE-2018-16877)

A flaw was found in pacemaker up to and including version 2.0.1. An
insufficient verification inflicted preference of uncontrolled processes
can lead to DoS. (CVE-2018-16878)

Affected Software/OS:
'pacemaker' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-16877
BugTraq ID: 108042
http://www.securityfocus.com/bid/108042
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FY4M4RMIG2POKC6OOFQODGKPRYXHET2F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HR6QUYGML735EI3HEEHYRDW7EG73BUH2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3GCWFO7GL6MBU6C4BGFO3P6L77DIBBF3/
https://security.gentoo.org/glsa/202309-09
https://lists.debian.org/debian-lts-announce/2021/01/msg00007.html
RedHat Security Advisories: RHSA-2019:1278
https://access.redhat.com/errata/RHSA-2019:1278
RedHat Security Advisories: RHSA-2019:1279
https://access.redhat.com/errata/RHSA-2019:1279
SuSE Security Announcement: openSUSE-SU-2019:1342 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00012.html
SuSE Security Announcement: openSUSE-SU-2019:1400 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00034.html
https://usn.ubuntu.com/3952-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-16878
BugTraq ID: 108039
http://www.securityfocus.com/bid/108039
Common Vulnerability Exposure (CVE) ID: CVE-2019-3885
BugTraq ID: 108036
http://www.securityfocus.com/bid/108036

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0394
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0394)
Resumen:	The remote host is missing an update for the 'pacemaker' package(s) announced via the MGASA-2019-0394 advisory.
Descripción:	Summary: The remote host is missing an update for the 'pacemaker' package(s) announced via the MGASA-2019-0394 advisory. Vulnerability Insight: The updated packages fix security vulnerabilities: A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. (CVE-2019-3885) A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation. (CVE-2018-16877) A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS. (CVE-2018-16878) Affected Software/OS: 'pacemaker' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-16877 BugTraq ID: 108042 http://www.securityfocus.com/bid/108042 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FY4M4RMIG2POKC6OOFQODGKPRYXHET2F/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HR6QUYGML735EI3HEEHYRDW7EG73BUH2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3GCWFO7GL6MBU6C4BGFO3P6L77DIBBF3/ https://security.gentoo.org/glsa/202309-09 https://lists.debian.org/debian-lts-announce/2021/01/msg00007.html RedHat Security Advisories: RHSA-2019:1278 https://access.redhat.com/errata/RHSA-2019:1278 RedHat Security Advisories: RHSA-2019:1279 https://access.redhat.com/errata/RHSA-2019:1279 SuSE Security Announcement: openSUSE-SU-2019:1342 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00012.html SuSE Security Announcement: openSUSE-SU-2019:1400 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00034.html https://usn.ubuntu.com/3952-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-16878 BugTraq ID: 108039 http://www.securityfocus.com/bid/108039 Common Vulnerability Exposure (CVE) ID: CVE-2019-3885 BugTraq ID: 108036 http://www.securityfocus.com/bid/108036
Copyright	Copyright (C) 2022 Greenbone AG