ALAS2-2021-1583

Related Vulnerabilities: CVE-2020-25654  

Amazon Linux 2 Security Advisory: ALAS-2021-1583
Advisory Release Date: 2021-01-05 23:34 Pacific
Advisory Updated Date: 2021-01-06 20:55 Pacific
Severity: Medium
References: CVE-2020-25654 

Issue Overview:

An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. (CVE-2020-25654)


Affected Packages:

pacemaker


Issue Correction:
Run yum update pacemaker to update your system.

New Packages:
aarch64:
    pacemaker-1.1.23-1.amzn2.1.aarch64
    pacemaker-cli-1.1.23-1.amzn2.1.aarch64
    pacemaker-libs-1.1.23-1.amzn2.1.aarch64
    pacemaker-cluster-libs-1.1.23-1.amzn2.1.aarch64
    pacemaker-remote-1.1.23-1.amzn2.1.aarch64
    pacemaker-libs-devel-1.1.23-1.amzn2.1.aarch64
    pacemaker-cts-1.1.23-1.amzn2.1.aarch64
    pacemaker-doc-1.1.23-1.amzn2.1.aarch64
    pacemaker-nagios-plugins-metadata-1.1.23-1.amzn2.1.aarch64
    pacemaker-debuginfo-1.1.23-1.amzn2.1.aarch64

i686:
    pacemaker-1.1.23-1.amzn2.1.i686
    pacemaker-cli-1.1.23-1.amzn2.1.i686
    pacemaker-libs-1.1.23-1.amzn2.1.i686
    pacemaker-cluster-libs-1.1.23-1.amzn2.1.i686
    pacemaker-remote-1.1.23-1.amzn2.1.i686
    pacemaker-libs-devel-1.1.23-1.amzn2.1.i686
    pacemaker-cts-1.1.23-1.amzn2.1.i686
    pacemaker-doc-1.1.23-1.amzn2.1.i686
    pacemaker-nagios-plugins-metadata-1.1.23-1.amzn2.1.i686
    pacemaker-debuginfo-1.1.23-1.amzn2.1.i686

src:
    pacemaker-1.1.23-1.amzn2.1.src

x86_64:
    pacemaker-1.1.23-1.amzn2.1.x86_64
    pacemaker-cli-1.1.23-1.amzn2.1.x86_64
    pacemaker-libs-1.1.23-1.amzn2.1.x86_64
    pacemaker-cluster-libs-1.1.23-1.amzn2.1.x86_64
    pacemaker-remote-1.1.23-1.amzn2.1.x86_64
    pacemaker-libs-devel-1.1.23-1.amzn2.1.x86_64
    pacemaker-cts-1.1.23-1.amzn2.1.x86_64
    pacemaker-doc-1.1.23-1.amzn2.1.x86_64
    pacemaker-nagios-plugins-metadata-1.1.23-1.amzn2.1.x86_64
    pacemaker-debuginfo-1.1.23-1.amzn2.1.x86_64
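
One way to confirm the correction took effect and to review who meets the advisory's precondition (an added example, not part of the original advisory or of pacemaker). It flags any installed pacemaker package older than the 1.1.23-1.amzn2.1 build listed above and lists the haclient group members; the function names, the sample package lines and the sample group line are constructed for illustration.

```shell
#!/usr/bin/env bash
FIXED_EVR="1.1.23-1.amzn2.1"   # version-release from the New Packages list

# evr_lt A B: succeed when A sorts strictly before B.
# Assumption: `sort -V` stands in for rpm's own version comparison; the two
# agree for plain dotted version-release strings like the ones used here.
evr_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_pacemaker: read "name version-release" lines on stdin, print every
# pacemaker package older than FIXED_EVR, and return 1 if any was found.
audit_pacemaker() {
    local name evr rc
    rc=0
    while read -r name evr; do
        case "$name" in pacemaker|pacemaker-*) ;; *) continue ;; esac
        if evr_lt "$evr" "$FIXED_EVR"; then
            printf 'VULNERABLE %s %s (fixed in %s)\n' "$name" "$evr" "$FIXED_EVR"
            rc=1
        fi
    done
    return "$rc"
}

# haclient_members: read `getent group haclient` output on stdin and print one
# supplementary member per line. Accounts whose primary group is haclient are
# not in this field and have to be checked in the passwd database separately.
haclient_members() {
    cut -d: -f4 | tr ',' '\n' | sed '/^$/d'
}

# Constructed sample input (not from a real host).
SAMPLE_RPMS='pacemaker 1.1.22-1.amzn2
pacemaker-libs 1.1.23-1.amzn2.1
pacemaker-cli 1.1.23-1.amzn2.1
corosync 2.4.5-4.amzn2'
SAMPLE_GROUP='haclient:x:189:alice,bob'

# On a live Amazon Linux 2 host, feed real data instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'pacemaker*' | audit_pacemaker
#   getent group haclient | haclient_members
printf '%s\n' "$SAMPLE_RPMS" | audit_pacemaker || echo "update needed: yum update pacemaker"
printf '%s\n' "$SAMPLE_GROUP" | haclient_members
```

A mixed result like the sample (one package old, the rest current) means the update was only partly applied; rerun the audit after yum update pacemaker until it prints nothing.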