openSUSE Security Update: Security update for pacemaker ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:3101-1 Rating: moderate References: #1000743 #1002767 #1003565 #1007433 #1009076 #967388 #986644 #987348 #995365 Cross-References: CVE-2016-7035 CVE-2016-7797 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that solves two vulnerabilities and has 7 fixes is now available. Description: This update for pacemaker fixes the following issues: - remote: Allow cluster and remote LRM API versions to diverge (bsc#1009076) - libcrmcommon: fix CVE-2016-7035 (improper IPC guarding) (bsc#1007433) - sysconfig: minor tweaks (typo, wording) - spec: more robust check for systemd being in use - spec: defines instead of some globals + error suppression - various: issues discovered via valgrind and coverity - attrd_updater: fix usage of HAVE_ATOMIC_ATTRD - crmd: cl#5185 - Record pending operations in the CIB before they are performed (bsc#1003565) - ClusterMon: fix to avoid matching other process with the same PID - mcp: improve comments for sysconfig options - remove openssl-devel and libselinux-devel as build dependencies - tools: crm_standby --version/--help should work without cluster - libpengine: only log startup-fencing warning once - pacemaker.service: do not mistakenly suggest killing fenced - libcrmcommon: report errors consistently when waiting for data on connection (bsc#986644) - remote: Correctly calculate the remaining timeouts when receiving messages (bsc#986644) - libfencing: report added node ID correctly - crm_mon: Do not call setenv with null value - pengine: Do not fence a maintenance node if it shuts down cleanly (bsc#1000743) - ping: Avoid temporary files for fping check (bsc#987348) - all: clarify licensing and copyrights - crmd: Resend the shutdown request if the DC forgets - ping: Avoid temp files in fping_check (bsc#987348) - crmd: Ensure the R_SHUTDOWN is set whenever we ask the DC to shut us down - crmd: clear remote node operation history only when it comes up - libcib,libfencing,libtransition: handle memory allocation errors without CRM_CHECK() - tools: make crm_mon XML schema handle resources with multiple active - pengine: set OCF_RESKEY_CRM_meta_notify_active_* for multistate resources - pengine: avoid null dereference in new same-node ordering option - lrmd,libcluster: ensure g_hash_table_foreach() is never passed a null table - crmd: don't log warning if abort_unless_down() can't find down event - lib: Correction of the deletion of the notice registration. - stonithd: Correction of the wrong connection process name. - crmd: Keep a state of LRMD in the DC node latest. - pengine: avoid transition loop for start-then-stop + unfencing - libpengine: allow pe_order_same_node option for constraints - cts: Restart systemd-journald with "systemctl restart systemd-journald.socket" (bsc#995365) - libcrmcommon: properly handle XML comments when comparing v2 patchset diffs - crmd: don't abort transitions for CIB comment changes - libcrmcommon: log XML comments correctly - libcrmcommon: remove extraneous format specifier from log message - remote: cl#5269 - Notify other clients of a new connection only if the handshake has completed (bsc#967388, bsc#1002767, CVE-2016-7797) This update was imported from the SUSE:SLE-12-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-1447=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): libpacemaker-devel-1.1.13-23.2 libpacemaker3-1.1.13-23.2 libpacemaker3-debuginfo-1.1.13-23.2 pacemaker-1.1.13-23.2 pacemaker-cli-1.1.13-23.2 pacemaker-cli-debuginfo-1.1.13-23.2 pacemaker-cts-1.1.13-23.2 pacemaker-cts-debuginfo-1.1.13-23.2 pacemaker-debuginfo-1.1.13-23.2 pacemaker-debugsource-1.1.13-23.2 pacemaker-remote-1.1.13-23.2 pacemaker-remote-debuginfo-1.1.13-23.2 References: https://www.suse.com/security/cve/CVE-2016-7035.html https://www.suse.com/security/cve/CVE-2016-7797.html https://bugzilla.suse.com/1000743 https://bugzilla.suse.com/1002767 https://bugzilla.suse.com/1003565 https://bugzilla.suse.com/1007433 https://bugzilla.suse.com/1009076 https://bugzilla.suse.com/967388 https://bugzilla.suse.com/986644 https://bugzilla.suse.com/987348 https://bugzilla.suse.com/995365