You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa pacemaker

Sigurnosni nedostatak programskog paketa pacemaker

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4623-1
November 09, 2020

pacemaker vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Pacemaker could be made to run programs as an administrator.

Software Description:
– pacemaker: Cluster resource manager

Details:

Ken Gaillot discovered that Pacemaker incorrectly handled IPC
communications permissions. A local attacker could possibly use this issue
to bypass ACL restrictions and execute arbitrary code as root.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
pacemaker 2.0.4-2ubuntu3.1

Ubuntu 20.04 LTS:
pacemaker 2.0.3-3ubuntu4.1

Ubuntu 18.04 LTS:
pacemaker 1.1.18-0ubuntu1.3

Ubuntu 16.04 LTS:
pacemaker 1.1.14-2ubuntu1.9

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4623-1
CVE-2020-25654

Package Information:
https://launchpad.net/ubuntu/+source/pacemaker/2.0.4-2ubuntu3.1
https://launchpad.net/ubuntu/+source/pacemaker/2.0.3-3ubuntu4.1
https://launchpad.net/ubuntu/+source/pacemaker/1.1.18-0ubuntu1.3
https://launchpad.net/ubuntu/+source/pacemaker/1.1.14-2ubuntu1.9

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl+pSeIACgkQZWnYVadE
vpOM+A//bXiW0fpS7Sl3cdAd3+XceCEYf2A+fbyaWoztNnWAYRODWWQJ8gKffAzm
cFAv29uCQYKOxqh0isZOcNxUiQt0ofdYWUGIb4/sYJGG0u+bgTnigA/Ms4MM0Dh4
auWJbuw8JwaAPMMFxeAylIgOuorEPMOUmWVQhS+dEG0XgagbZdYwkbgpQkZCTZg9
DoYSN9UC8UV7J55up5m4zAbloGdckMYobpJ1CtQ3ERJFFgN2H9P1cL7l4mqXK5uU
vdqpWpUnmM5uCdfhEOT5cZcDdlH6nxh3+E3xstqY+o6jYTMaZDMiy2CLbePPVqe2
ddhLh1ow11/uEgBaP4lx3VGYX0rFhT9Dj9WsqMtGCoQQ+pmAizXJF6sx6sCgtrcw
JFxckUjOPAHBal9pIRWP6rhfJQ7YJirTe/vz28EB4dUAZ6IWHa4s9rS13MKefajM
JuQ7H/3U+OBD6rhUUn8TX9KK7f+4YFns8VH9d8HaRehqakv5Te1ORF16MRDW2A8P
SeiOrhdFL8zt9TAqZwpBSmm2vxbYoWtQJ0t2yU4D/Fs2ShTW2RsiQgpE97rrluLX
WIstyQ4sGtrBBdww4u+xwhvTddkpR0CLN88MkQVu+qFgBXHIWxy+0R7TkvwqJr9i
FwUUozD97VeroHU0lUeSFKG2THA1XRdWFc5TqqgU6jfii+jnxXc=
=ZCOx
—–END PGP SIGNATURE—–

AutorDona Seruga
Cert idNCERT-REF-2020-11-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa wordpress

Otkriveni su sigurnosni nedostaci u programskom paketu wordpress za operacijski sustav Debian. Otkriveni nedostaci potencijalnim napadačima omogućuju izvršavanje proizvoljnog programskog...

Close