Synopsis:          Moderate: pacemaker security, bug fix, and enhancement update
Advisory ID:       SLSA-2016:2578-2
Issue Date:        2016-11-03
CVE Numbers:       CVE-2016-7797
--

The following packages have been upgraded to a newer upstream version:
pacemaker (1.1.15).

Security Fix(es):

* It was found that the connection between a pacemaker cluster and a
pacemaker_remote node could be shut down using a new unauthenticated
connection. A remote attacker could use this flaw to cause a denial of
service. (CVE-2016-7797)

Additional Changes:
--

SL7
  x86_64
    pacemaker-1.1.15-11.el7.x86_64.rpm
    pacemaker-cli-1.1.15-11.el7.x86_64.rpm
    pacemaker-cluster-libs-1.1.15-11.el7.i686.rpm
    pacemaker-cluster-libs-1.1.15-11.el7.x86_64.rpm
    pacemaker-cts-1.1.15-11.el7.x86_64.rpm
    pacemaker-debuginfo-1.1.15-11.el7.i686.rpm
    pacemaker-debuginfo-1.1.15-11.el7.x86_64.rpm
    pacemaker-doc-1.1.15-11.el7.x86_64.rpm
    pacemaker-libs-1.1.15-11.el7.i686.rpm
    pacemaker-libs-1.1.15-11.el7.x86_64.rpm
    pacemaker-libs-devel-1.1.15-11.el7.i686.rpm
    pacemaker-libs-devel-1.1.15-11.el7.x86_64.rpm
    pacemaker-nagios-plugins-metadata-1.1.15-11.el7.x86_64.rpm
    pacemaker-remote-1.1.15-11.el7.x86_64.rpm

- Scientific Linux Development Team