ALT-PU-2015-1923-1

Package update pacemaker in branch sisyphus

Version1.1.13-alt1

Published2015-10-23

Max severityHIGH

Severity:

Closed issues (2)

MEDIUM4.3

Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking).

Published: 2013-11-23Modified: 2026-04-29

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

References

HIGH7.5

Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.

Published: 2015-08-12Modified: 2025-04-12

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

References