Bugzilla – Bug 1007433
VUL-0: CVE-2016-7035: pacemaker: improper IPC guarding
Last modified: 2018-12-16 23:47:03 UTC
bugbot adjusting priority
is public now
http://www.openwall.com/lists/oss-security/2016/11/03/5

Date: Thu, 3 Nov 2016 11:34:35 +0100
From: Jan Pokorný <jpokorny@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2016-7035 - pacemaker - improper IPC guarding

Following issue is being publicly disclosed today:

A vulnerability has been found in pacemaker, a software package for high-availability clustering. It was discovered that at some not so uncommon circumstances, some pacemaker daemons could be talked to, via libqb-facilitated IPC, by unprivileged clients due to flawed authorization decision. Depending on the capabilities of affected daemons, this might equip unauthorized user with local privilege escalation or up to cluster-wide remote execution of possibly arbitrary commands when such user happens to reside at standard or remote/guest cluster node, respectively.

The original vulnerability was introduced in an attempt to allow unprivileged IPC clients to clean up the file system materialized leftovers in case the server (otherwise responsible for the lifecycle of these files) crashes. While the intended part of such behavior is now effectively voided (along with the unintended one), a best-effort fix to address this corner case systemically at libqb is coming along (https://github.com/ClusterLabs/libqb/pull/231).

Affected versions: 1.1.10-rc1 (2013-04-17) - 1.1.15 (2016-06-21)
Impact: Important
CVSSv3 ranking: 8.8 : AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Credits for independent findings, in chronological order:
Jan "poki" Pokorný, of Red Hat
Alain Moulle, of ATOS/BULL

Patch for the issue, which is applicable on all affected versions:
https://github.com/ClusterLabs/pacemaker/pull/1166/commits/5a20855d6054ebaae590c09262b328d957cc1fc2

--
Jan (Poki)
Submitted for
SLE12SP2: https://build.suse.de/request/show/123753
SLE12SP1: https://build.suse.de/request/show/123856
SLE11SP4: https://build.suse.de/request/show/123894
*** Bug 1009037 has been marked as a duplicate of this bug. ***
SUSE-SU-2016:2869-1: An update that solves two vulnerabilities and has 5 fixes is now available.
Category: security (important)
Bug References: 1000743,1002767,1003565,1007433,967388,986644,987348
CVE References: CVE-2016-7035,CVE-2016-7797
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src): pacemaker-1.1.15-21.1
SUSE Linux Enterprise High Availability 12-SP2 (src): pacemaker-1.1.15-21.1
openSUSE-SU-2016:2965-1: An update that solves two vulnerabilities and has 5 fixes is now available.
Category: security (important)
Bug References: 1000743,1002767,1003565,1007433,967388,986644,987348
CVE References: CVE-2016-7035,CVE-2016-7797
Sources used:
openSUSE Leap 42.2 (src): pacemaker-1.1.15-5.1
SUSE-SU-2016:2974-1: An update that solves two vulnerabilities and has 7 fixes is now available.
Category: security (moderate)
Bug References: 1000743,1002767,1003565,1007433,1009076,967388,986644,987348,995365
CVE References: CVE-2016-7035,CVE-2016-7797
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): pacemaker-1.1.13-20.1
SUSE Linux Enterprise High Availability 12-SP1 (src): pacemaker-1.1.13-20.1
openSUSE-SU-2016:3101-1: An update that solves two vulnerabilities and has 7 fixes is now available.
Category: security (moderate)
Bug References: 1000743,1002767,1003565,1007433,1009076,967388,986644,987348,995365
CVE References: CVE-2016-7035,CVE-2016-7797
Sources used:
openSUSE Leap 42.1 (src): pacemaker-1.1.13-23.2
SUSE-SU-2016:3162-1: An update that solves two vulnerabilities and has 23 fixes is now available.
Category: security (moderate)
Bug References: 1000743,1002767,1003565,1007433,1009076,953192,970733,971129,972187,974108,975079,976271,976865,977258,977675,977800,981489,981731,986056,986201,986265,986644,986676,986931,987348
CVE References: CVE-2016-7035,CVE-2016-7797
Sources used:
SUSE Linux Enterprise High Availability Extension 11-SP4 (src): pacemaker-1.1.12-18.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): pacemaker-1.1.12-18.1
fixed