Detections
Analytics

MiracleLinux 4 : pacemaker-1.1.12-8.AXS4 (AXSA:2015-326:02)

critical Nessus Plugin ID 290050

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-326:02 advisory.

 Pacemaker is an advanced, scalable High-Availability cluster resource manager for Linux-HA (Heartbeat) and/or Corosync.
 It supports n-node clusters with significant capabilities for managing resources and dependencies.
 It will run scripts at initialization, when machines go up or down, when related resources fail and can be configured to periodically check resource health.
 Available rpmbuild rebuild options:
 --with(out) : heartbeat cman corosync doc publican snmp esmtp pre_release Security issues fixed with this release:
 CVE-2015-1867 Fixed bugs:
 * Due to a race condition, nodes that gracefully shut down occasionally had difficulty rejoining the cluster. As a consequence, nodes could come online and be shut down again immediately by the cluster. With this update, the bug has been fixed.
 * Prior to this update, the pacemaker utility caused an unexpected termination of the attrd daemon after a system update to Asianux Server 4 SP5. The bug has been fixed so that attrd no longer crashes when pacemaker starts.
 * Previously, the access control list (ACL) of the pacemaker utility allowed a role assignment to the Cluster Information Base (CIB) with a read-only permission. With this update, the problem was fixed.
 * Previously, the ClusterMon (crm_mon) utility did not trigger an external agent script with the -E parameter to monitor the Cluster Information Base (CIB) when the pacemaker utility was used. A patch has been provided to fix this bug.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/5672

Plugin Details

Severity: Critical

ID: 290050

File Name: miracle_linux_AXSA-2015-326.nasl

Version: 1.1

Type: local

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2015-1867

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:pacemaker-doc, p-cpe:/a:miracle:linux:pacemaker-cts, p-cpe:/a:miracle:linux:pacemaker-libs, p-cpe:/a:miracle:linux:pacemaker-cli, cpe:/o:miracle:linux:4, p-cpe:/a:miracle:linux:pacemaker-cluster-libs, p-cpe:/a:miracle:linux:pacemaker, p-cpe:/a:miracle:linux:pacemaker-libs-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 8/11/2015

Vulnerability Publication Date: 4/20/2015

Reference Information

CVE: CVE-2015-1867