Hello all,

Pacemaker 1.1.15, released earlier this year, contained a fix for a
potential denial-of-service vulnerability in pacemaker_remote. This
vulnerability has been retroactively assigned the Common Vulnerabilities
and Exposures identifier CVE-2016-7797.

This was mentioned in the 1.1.15 release notes, but is being raised
again for anyone interested in the CVE ID, such as distribution packagers.

Before Pacemaker 1.1.15, an unprivileged user able to attempt connection
to the IP address and port used for an active Pacemaker Remote
connection could trivially force the connection to drop. The
vulnerability only affects clusters with Pacemaker Remote nodes.

For details, see:

  http://bugs.clusterlabs.org/show_bug.cgi?id=5269

-- 
Ken Gaillot <kgail...@redhat.com>

_______________________________________________
Users mailing list: Users@clusterlabs.org
http://clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
