ALT-PU-2015-1923-1
Closed vulnerabilities
Published: 2013-11-23
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2013-0281
Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking).
Severity: MEDIUM (4.3)
References:
- RHSA-2013:1635
- RHSA-2013:1635
- https://bugzilla.redhat.com/show_bug.cgi?id=891922
- https://bugzilla.redhat.com/show_bug.cgi?id=891922
- https://github.com/ClusterLabs/pacemaker/commit/564f7cc2a51dcd2f28ab12a13394f31be5aa3c93
- https://github.com/ClusterLabs/pacemaker/commit/564f7cc2a51dcd2f28ab12a13394f31be5aa3c93
Published: 2015-08-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-1867
Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.
Severity: HIGH (7.5)
References:
- FEDORA-2015-e5e36bbb87
- FEDORA-2015-e5e36bbb87
- FEDORA-2015-f6860d8f9d
- FEDORA-2015-f6860d8f9d
- FEDORA-2015-f9864ecd8f
- FEDORA-2015-f9864ecd8f
- RHSA-2015:1424
- RHSA-2015:1424
- RHSA-2015:2383
- RHSA-2015:2383
- 74231
- 74231
- https://bugzilla.redhat.com/show_bug.cgi?id=1211370
- https://bugzilla.redhat.com/show_bug.cgi?id=1211370
- https://github.com/ClusterLabs/pacemaker/commit/84ac07c
- https://github.com/ClusterLabs/pacemaker/commit/84ac07c
- GLSA-201710-08
- GLSA-201710-08