Synopsis:          Important: pacemaker security update
Advisory ID:       SLSA-2016:2675-1
Issue Date:        2016-11-08
CVE Numbers:       CVE-2016-7035
--

Security Fix(es):

* An authorization flaw was found in Pacemaker, where it did not properly
guard its IPC interface. An attacker with an unprivileged account on a
Pacemaker node could use this flaw to, for example, force the Local
Resource Manager daemon to execute a script as root and thereby gain root
access on the machine. (CVE-2016-7035)

This issue was discovered by Jan "poki" Pokorny (Red Hat) and Alain Moulle
(ATOS/BULL).
--

SL6
  x86_64
    pacemaker-1.1.14-8.el6_8.2.x86_64.rpm
    pacemaker-cli-1.1.14-8.el6_8.2.x86_64.rpm
    pacemaker-cluster-libs-1.1.14-8.el6_8.2.i686.rpm
    pacemaker-cluster-libs-1.1.14-8.el6_8.2.x86_64.rpm
    pacemaker-cts-1.1.14-8.el6_8.2.x86_64.rpm
    pacemaker-debuginfo-1.1.14-8.el6_8.2.i686.rpm
    pacemaker-debuginfo-1.1.14-8.el6_8.2.x86_64.rpm
    pacemaker-doc-1.1.14-8.el6_8.2.x86_64.rpm
    pacemaker-libs-1.1.14-8.el6_8.2.i686.rpm
    pacemaker-libs-1.1.14-8.el6_8.2.x86_64.rpm
    pacemaker-libs-devel-1.1.14-8.el6_8.2.i686.rpm
    pacemaker-libs-devel-1.1.14-8.el6_8.2.x86_64.rpm
    pacemaker-remote-1.1.14-8.el6_8.2.x86_64.rpm
  i386
    pacemaker-1.1.14-8.el6_8.2.i686.rpm
    pacemaker-cli-1.1.14-8.el6_8.2.i686.rpm
    pacemaker-cluster-libs-1.1.14-8.el6_8.2.i686.rpm
    pacemaker-cts-1.1.14-8.el6_8.2.i686.rpm
    pacemaker-debuginfo-1.1.14-8.el6_8.2.i686.rpm
    pacemaker-doc-1.1.14-8.el6_8.2.i686.rpm
    pacemaker-libs-1.1.14-8.el6_8.2.i686.rpm
    pacemaker-libs-devel-1.1.14-8.el6_8.2.i686.rpm
    pacemaker-remote-1.1.14-8.el6_8.2.i686.rpm

- Scientific Linux Development Team
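
A check for nodes still running a pacemaker build older than the one listed above, as an added example that is not part of the original advisory. It assumes an inventory of "host name version release" lines (for instance collected per node with rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'), uses a simplified RPM version comparison that ignores epoch and tilde/caret handling, and runs over constructed sample data with hypothetical host names.

```python
import re

# Fixed build taken from the advisory's package list: (version, release).
FIXED = ("1.1.14", "8.el6_8.2")

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpmvercmp (no epoch, tilde or caret): returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)      # numeric segments compare as integers
        elif x.isdigit():
            return 1                   # a numeric segment beats an alphabetic one
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(version, release):
    """True when version-release is at or above the advisory's fixed build."""
    c = rpmvercmp(version, FIXED[0])
    if c == 0:
        c = rpmvercmp(release, FIXED[1])
    return c >= 0

def unpatched(inventory):
    """Return (host, package) pairs for pacemaker builds older than FIXED."""
    hits = []
    for line in inventory.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                   # skip blank or malformed lines
        host, name, ver, rel = fields
        if name.startswith("pacemaker") and not is_patched(ver, rel):
            hits.append((host, f"{name}-{ver}-{rel}"))
    return hits

# Constructed sample inventory (hypothetical hosts, not real scan output).
SAMPLE = """\
node1 pacemaker 1.1.14 8.el6_8.1
node1 pacemaker-libs 1.1.14 8.el6_8.1
node2 pacemaker 1.1.14 8.el6_8.2
node3 pacemaker 1.1.12 8.el6_7.2
node4 corosync 1.4.7 5.el6
"""

if __name__ == "__main__":
    for host, pkg in unpatched(SAMPLE):
        print(f"{host}: {pkg} is older than {FIXED[0]}-{FIXED[1]}")
```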