openSUSE Security Update : pacemaker (openSUSE-2016-1376)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for pacemaker fixes the following issues :

Security issues fixed :

- CVE-2016-7797: Notify other clients of a new connection
only if the handshake has completed (bsc#967388,
bsc#1002767).

- CVE-2016-7035: Fixed improper IPC guarding in pacemaker
(bsc#1007433).

Bug fixes :

- bsc#1003565: crmd: Record pending operations in the CIB
before they are performed

- bsc#1000743: pengine: Do not fence a maintenance node if
it shuts down cleanly

- bsc#987348: ping: Avoid temporary files for fping check

- bsc#986644: libcrmcommon: report errors consistently
when waiting for data on connection

- bsc#986644: remote: Correctly calculate the remaining
timeouts when receiving messages

This update was imported from the SUSE:SLE-12-SP2:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1000743
https://bugzilla.opensuse.org/show_bug.cgi?id=1002767
https://bugzilla.opensuse.org/show_bug.cgi?id=1003565
https://bugzilla.opensuse.org/show_bug.cgi?id=1007433
https://bugzilla.opensuse.org/show_bug.cgi?id=967388
https://bugzilla.opensuse.org/show_bug.cgi?id=986644
https://bugzilla.opensuse.org/show_bug.cgi?id=987348

Solution :

Update the affected pacemaker packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 95531 ()

Bugtraq ID:

CVE ID: CVE-2016-7035
CVE-2016-7797

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now