Your submission was sent successfully! Close

CVE-2018-16877

Published: 17 April 2019

A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
pacemaker
Launchpad, Ubuntu, Debian
bionic
Released (1.1.18-0ubuntu1.1)
cosmic
Released (1.1.18-2ubuntu1.18.10.1)
disco
Released (1.1.18-2ubuntu1.19.04.1)
precise Does not exist

trusty Does not exist
(trusty was needed)
upstream Needs triage

xenial
Released (1.1.14-2ubuntu1.6)