[ClusterLabs] Fix in Pacemaker 1.1.15 retroactively assigned CVE-2016-7797

Ken Gaillot kgaillot at redhat.com
Thu Nov 3 12:02:28 EDT 2016


Hello all,

Pacemaker 1.1.15, released earlier this year, contained a fix for a
potential denial-of-service vulnerability in pacemaker_remote. This
vulnerability has been retroactively assigned the Common Vulnerabilities
and Exposures identifier CVE-2016-7797.

This was mentioned in the 1.1.15 release notes, but is being raised
again for anyone interested in the CVE ID, such as distribution packagers.

Before Pacemaker 1.1.15, an unprivileged user able to attempt connection
to the IP address and port used for an active Pacemaker Remote
connection could trivially force the connection to drop. The
vulnerability only affects clusters with Pacemaker Remote nodes.

For details, see:

  http://bugs.clusterlabs.org/show_bug.cgi?id=5269

-- 
Ken Gaillot <kgaillot at redhat.com>




More information about the Users mailing list