USN-4623-1: Pacemaker vulnerability

09 November 2020

Pacemaker could be made to run programs as an administrator.

Releases

Packages

  • pacemaker - Cluster resource manager

Details

Ken Gaillot discovered that Pacemaker incorrectly handled IPC
communications permissions. A local attacker could possibly use this issue
to bypass ACL restrictions and execute arbitrary code as root.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04

In general, a standard system update will make all the necessary changes.

References