USN-3462-1: Pacemaker vulnerabilities

24 October 2017

Several security issues were fixed in Pacemaker.

Releases

Packages

Details

Jan Pokorný and Alain Moulle discovered that Pacemaker incorrectly handled
the IPC interface. A local attacker could possibly use this issue to
execute arbitrary code with root privileges. (CVE-2016-7035)

Alain Moulle discovered that Pacemaker incorrectly handled authentication.
A remote attacker could possibly use this issue to shut down connections,
leading to a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2016-7797)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04
Ubuntu 14.04

In general, a standard system update will make all the necessary changes.