Bug 1131353 - (CVE-2018-16878) VUL-0: CVE-2018-16878: pacemaker: Insufficient verification inflicted preference of uncontrolled processes
Status: REOPENED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Yan Gao
Security Team bot
https://smash.suse.de/issue/228698/
CVSSv3:SUSE:CVE-2018-16878:5.5:(AV:L/...
Reported: 2019-04-03 05:18 UTC by Karol Babioch
Modified: 2022-04-22 13:57 UTC

Found By: Security Response Team


Description Karol Babioch 2019-04-03 05:18:22 UTC
CVE-2018-16878

Insufficient verification inflicted
preference of uncontrolled processes can lead to DoS:
A flaw was found in pacemaker. An insufficient verification inflicted
preference of uncontrolled processes can lead to DoS

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16878
Comment 1 Karol Babioch 2019-04-03 05:19:39 UTC
CRD: 2019-04-10 10:00 UTC
Comment 3 Karol Babioch 2019-04-03 05:41:46 UTC
Patch series can be found in Bug 1131356 -> https://bugzilla.suse.com/show_bug.cgi?id=1131356
Comment 5 Karol Babioch 2019-04-10 08:42:23 UTC
Due to some concerns related to the patchset, the CRD has been moved.

CRD: 2019-04-16 10:00 UTC
Comment 6 Karol Babioch 2019-04-16 09:58:36 UTC
CRD: 2019-04-17 10:00
Comment 7 Karol Babioch 2019-04-17 09:47:15 UTC
Public now.
Comment 11 Swamp Workflow Management 2019-04-26 13:17:01 UTC
SUSE-SU-2019:1047-1: An update that solves three vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1117381,1117934,1128374,1128772,1131353,1131356,1131357
CVE References: CVE-2018-16877,CVE-2018-16878,CVE-2019-3885
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    pacemaker-1.1.19+20181105.ccd6b5b10-3.10.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    pacemaker-1.1.19+20181105.ccd6b5b10-3.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2019-04-30 16:10:33 UTC
SUSE-SU-2019:1108-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1131353,1131356
CVE References: CVE-2018-16877,CVE-2018-16878
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    pacemaker-1.1.16-6.14.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    pacemaker-1.1.16-6.14.1

Comment 14 Swamp Workflow Management 2019-05-02 13:30:06 UTC
This is an autogenerated message for OBS integration:
This bug (1131353) was mentioned in
https://build.opensuse.org/request/show/700145 Factory / pacemaker
Comment 15 Swamp Workflow Management 2019-05-08 13:10:50 UTC
openSUSE-SU-2019:1342-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1131353,1131356
CVE References: CVE-2018-16877,CVE-2018-16878
Sources used:
openSUSE Leap 42.3 (src):    pacemaker-1.1.16-4.12.1
Comment 16 Marcus Meissner 2019-05-10 14:53:07 UTC
released
Comment 17 Swamp Workflow Management 2019-05-10 19:11:25 UTC
SUSE-SU-2019:1209-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1117381,1131353,1131356,1131357
CVE References: CVE-2018-16877,CVE-2018-16878,CVE-2019-3885
Sources used:
SUSE Linux Enterprise High Availability 15 (src):    pacemaker-1.1.18+20180430.b12c320f5-3.9.4

Comment 18 Swamp Workflow Management 2019-05-15 19:10:00 UTC
openSUSE-SU-2019:1400-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1117381,1131353,1131356,1131357
CVE References: CVE-2018-16877,CVE-2018-16878,CVE-2019-3885
Sources used:
openSUSE Leap 15.0 (src):    pacemaker-1.1.18+20180430.b12c320f5-lp150.2.9.1
Comment 21 Swamp Workflow Management 2019-09-02 16:20:56 UTC
SUSE-SU-2019:2268-1: An update that solves two vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1032511,1127716,1130122,1131353,1131356,1133866,1135317,1136712,1140519
CVE References: CVE-2018-16877,CVE-2018-16878
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    pacemaker-1.1.19+20181105.ccd6b5b10-3.13.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    pacemaker-1.1.19+20181105.ccd6b5b10-3.13.1

Comment 25 Swamp Workflow Management 2019-09-19 10:11:28 UTC
SUSE-RU-2019:2405-1: An update that has 7 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1032511,1127716,1130122,1131353,1131356,1133866,1136712
CVE References: 
Sources used:
SUSE Linux Enterprise High Availability 15 (src):    pacemaker-1.1.18+20180430.b12c320f5-3.12.1

Comment 26 Swamp Workflow Management 2019-09-29 13:12:48 UTC
openSUSE-RU-2019:2214-1: An update that has 7 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1032511,1127716,1130122,1131353,1131356,1133866,1136712
CVE References: 
Sources used:
openSUSE Leap 15.0 (src):    pacemaker-1.1.18+20180430.b12c320f5-lp150.2.12.1
Comment 29 Swamp Workflow Management 2020-04-22 22:18:01 UTC
SUSE-SU-2020:1072-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1131353,1131356
CVE References: CVE-2018-16877,CVE-2018-16878
Sources used:
SUSE Linux Enterprise High Availability 12-SP2 (src):    pacemaker-1.1.15-23.9.1
