Synopsis: Important: pacemaker security update Advisory ID: SLSA-2016:2675-1 Issue Date: 2016-11-08 CVE Numbers: CVE-2016-7035 -- Security Fix(es): * An authorization flaw was found in Pacemaker, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine. (CVE-2016-7035) This issue was discovered by Jan "poki" Pokorny (Red Hat) and Alain Moulle (ATOS/BULL). -- SL6 x86_64 pacemaker-1.1.14-8.el6_8.2.x86_64.rpm pacemaker-cli-1.1.14-8.el6_8.2.x86_64.rpm pacemaker-cluster-libs-1.1.14-8.el6_8.2.i686.rpm pacemaker-cluster-libs-1.1.14-8.el6_8.2.x86_64.rpm pacemaker-cts-1.1.14-8.el6_8.2.x86_64.rpm pacemaker-debuginfo-1.1.14-8.el6_8.2.i686.rpm pacemaker-debuginfo-1.1.14-8.el6_8.2.x86_64.rpm pacemaker-doc-1.1.14-8.el6_8.2.x86_64.rpm pacemaker-libs-1.1.14-8.el6_8.2.i686.rpm pacemaker-libs-1.1.14-8.el6_8.2.x86_64.rpm pacemaker-libs-devel-1.1.14-8.el6_8.2.i686.rpm pacemaker-libs-devel-1.1.14-8.el6_8.2.x86_64.rpm pacemaker-remote-1.1.14-8.el6_8.2.x86_64.rpm i386 pacemaker-1.1.14-8.el6_8.2.i686.rpm pacemaker-cli-1.1.14-8.el6_8.2.i686.rpm pacemaker-cluster-libs-1.1.14-8.el6_8.2.i686.rpm pacemaker-cts-1.1.14-8.el6_8.2.i686.rpm pacemaker-debuginfo-1.1.14-8.el6_8.2.i686.rpm pacemaker-doc-1.1.14-8.el6_8.2.i686.rpm pacemaker-libs-1.1.14-8.el6_8.2.i686.rpm pacemaker-libs-devel-1.1.14-8.el6_8.2.i686.rpm pacemaker-remote-1.1.14-8.el6_8.2.i686.rpm - Scientific Linux Development Team