Advisories » MGASA-2014-0069

Updated pacemaker package fixes one security issue

Publication date: 14 Feb 2014
Modification date: 14 Feb 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-0281

Description

A denial of service flaw was found in the way Pacemaker performed
authentication and processing of remote connections in certain
circumstances. When Pacemaker was configured to allow remote Cluster
Information Base (CIB) configuration or resource management, a remote
attacker could use this flaw to cause Pacemaker to block indefinitely
(preventing it from serving other requests) (CVE-2013-0281).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=11724
• https://www.redhat.com/security/data/cve/CVE-2013-0281.html
• https://bugzilla.redhat.com/show_bug.cgi?id=891922#c5
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0281

SRPMS

3/core

• pacemaker-1.1.8-4.1.mga3