Back to bug 1379784
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-09-27 16:20:29 UTC | CC | security-response-team | |
| Adam Mariš | 2016-09-27 16:22:39 UTC | Blocks | 1379785 | |
| Ken Gaillot | 2016-09-27 19:27:33 UTC | CC | cfeist | |
| Cedric Buissart | 2016-09-30 15:23:17 UTC | CC | cbuissar | |
| Cedric Buissart | 2016-10-03 07:46:33 UTC | Alias | CVE-2016-7797 | |
| Cedric Buissart | 2016-10-03 07:46:36 UTC | Summary | EMBARGOED pacemaker: PCS remote nodes vulnerable to hijacking | EMBARGOED CVE-2016-7797 pacemaker: PCS remote nodes vulnerable to hijacking |
| Cedric Buissart | 2016-10-03 07:46:39 UTC | Whiteboard | impact=important,public=no,reported=20160926,source=customer,cvss2=7.1/AV:N/AC:M/Au:N/C:N/I:N/A:C,cvss3=8.6/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H,rhel-6/pacemaker=new,rhel-7/pacemaker=new,fedora-all/pacemaker=affected | impact=important,public=20160222,reported=20160926,source=customer,cvss2=7.1/AV:N/AC:M/Au:N/C:N/I:N/A:C,cvss3=8.6/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H,rhel-6/pacemaker=new,rhel-7/pacemaker=new,fedora-all/pacemaker=affected |
| Cedric Buissart | 2016-10-03 07:46:42 UTC | Summary | EMBARGOED CVE-2016-7797 pacemaker: PCS remote nodes vulnerable to hijacking | CVE-2016-7797 pacemaker: PCS remote nodes vulnerable to hijacking |
| Cedric Buissart | 2016-10-03 07:46:45 UTC | Group | security, qe_staff | |
| Cedric Buissart | 2016-10-03 08:15:09 UTC | Whiteboard | impact=important,public=20160222,reported=20160926,source=customer,cvss2=7.1/AV:N/AC:M/Au:N/C:N/I:N/A:C,cvss3=8.6/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H,rhel-6/pacemaker=new,rhel-7/pacemaker=new,fedora-all/pacemaker=affected | impact=important,public=20160222,reported=20160926,source=customer,cvss2=7.1/AV:N/AC:M/Au:N/C:N/I:N/A:C,cvss3=8.6/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H,rhel-6/pacemaker=affected,rhel-7/pacemaker=affected,fedora-all/pacemaker=affected |
| Cedric Buissart | 2016-10-03 08:27:38 UTC | Whiteboard | impact=important,public=20160222,reported=20160926,source=customer,cvss2=7.1/AV:N/AC:M/Au:N/C:N/I:N/A:C,cvss3=8.6/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H,rhel-6/pacemaker=affected,rhel-7/pacemaker=affected,fedora-all/pacemaker=affected | impact=important,public=20160222,reported=20160926,source=customer,cvss2=7.1/AV:N/AC:M/Au:N/C:N/I:N/A:C,cvss3=8.6/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H,rhel-6/pacemaker=notaffected,rhel-7/pacemaker=affected,fedora-all/pacemaker=notaffected |
| Cedric Buissart | 2016-10-03 09:11:00 UTC | Link ID | Cluster Labs 5269 | |
| Cedric Buissart | 2016-10-03 09:11:49 UTC | Summary | CVE-2016-7797 pacemaker: PCS remote nodes vulnerable to hijacking | CVE-2016-7797 pacemaker: PCS remote nodes vulnerable to hijacking, resulting in a DoS attack |
| Cedric Buissart | 2016-10-03 09:31:52 UTC | Depends On | 1312094 | |
| Cedric Buissart | 2016-10-03 10:29:50 UTC | Whiteboard | impact=important,public=20160222,reported=20160926,source=customer,cvss2=7.1/AV:N/AC:M/Au:N/C:N/I:N/A:C,cvss3=8.6/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H,rhel-6/pacemaker=notaffected,rhel-7/pacemaker=affected,fedora-all/pacemaker=notaffected | impact=moderate,public=20160222,reported=20160926,source=customer,cvss2=7.1/AV:N/AC:M/Au:N/C:N/I:N/A:C,cvss3=8.6/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H,rhel-6/pacemaker=notaffected,rhel-7/pacemaker=affected,fedora-all/pacemaker=notaffected |
| Cedric Buissart | 2016-10-03 10:29:56 UTC | Severity | high | medium |
| Cedric Buissart | 2016-10-03 10:30:03 UTC | Priority | high | medium |
| Cedric Buissart | 2016-10-27 14:40:02 UTC | Doc Text | It was found that the connection between a pacemaker cluster and a pacemaker_remote node can be shut down using an unauthenticated new connection. An remote attacker could use this flaw to create a Denial of Service. | |
| Cedric Buissart | 2016-10-27 15:08:30 UTC | Depends On | 1389439 | |
| Cedric Buissart | 2016-10-27 15:08:36 UTC | Depends On | 1389440 | |
| Cedric Buissart | 2016-10-27 15:18:43 UTC | Summary | CVE-2016-7797 pacemaker: PCS remote nodes vulnerable to hijacking, resulting in a DoS attack | CVE-2016-7797 pacemaker: pacemaker remote nodes vulnerable to hijacking, resulting in a DoS attack |
| Tomas Hoger | 2016-10-28 12:10:41 UTC | Doc Text | It was found that the connection between a pacemaker cluster and a pacemaker_remote node can be shut down using an unauthenticated new connection. An remote attacker could use this flaw to create a Denial of Service. | It was found that the connection between a pacemaker cluster and a pacemaker_remote node could be shut down using a new unauthenticated connection. A remote attacker could use this flaw to cause a denial of service. |
| Huzaifa S. Sidhpurwala | 2016-11-04 08:19:40 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-11-04 04:19:40 UTC | |||
| Yasuhiro Ozone | 2017-02-14 01:15:31 UTC | CC | yozone | |
| Product Security DevOps Team | 2019-09-29 13:57:05 UTC | Whiteboard | impact=moderate,public=20160222,reported=20160926,source=customer,cvss2=7.1/AV:N/AC:M/Au:N/C:N/I:N/A:C,cvss3=8.6/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H,rhel-6/pacemaker=notaffected,rhel-7/pacemaker=affected,fedora-all/pacemaker=notaffected |
Back to bug 1379784