Advisories ยป MGASA-2014-0069

Updated pacemaker package fixes one security issue

Publication date: 14 Feb 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-0281


A denial of service flaw was found in the way Pacemaker performed
authentication and processing of remote connections in certain
circumstances. When Pacemaker was configured to allow remote Cluster
Information Base (CIB) configuration or resource management, a remote
attacker could use this flaw to cause Pacemaker to block indefinitely
(preventing it from serving other requests) (CVE-2013-0281).