Bug 1657962 (CVE-2018-16878)

Summary: CVE-2018-16878 pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS
Product: [Other] Security Response Reporter: Laura Pardo <lpardo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abeekhof, agk, andrew, anprice, cluster-maint, dbecker, digawat376, jjoyce, jpokorny, jschluet, kbasil, kgaillot, korostinivan91, lhh, lpeer, mburns, sclewis, security-response-team, sisharma, slinaber, ssaha, vawofe8298, vbellur
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: pacemaker 2.0.2-rc1 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-10 10:43:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1694559, 1694560, 1697265, 1700705, 1700737, 1706308    
Bug Blocks: 1652647    
Attachments:
Description Flags
Cumulative patches to address CVE-2018-16877, CVE-2018-16878 and CVE-2019-3885 none

Description Laura Pardo 2018-12-10 20:14:56 UTC 
A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS


References:
https://bugzilla.redhat.com/show_bug.cgi?id=1649942
Comment 1 Laura Pardo 2018-12-10 20:14:59 UTC 
Acknowledgments:

Name: Jan Pokorný (Red Hat)
Comment 3 Huzaifa S. Sidhpurwala 2019-04-17 05:58:44 UTC 
Created attachment 1555735 [details]
Cumulative patches to address CVE-2018-16877, CVE-2018-16878 and CVE-2019-3885
Comment 4 Huzaifa S. Sidhpurwala 2019-04-17 09:46:03 UTC 
Public via:
https://www.openwall.com/lists/oss-security/2019/04/17/1
Comment 5 Huzaifa S. Sidhpurwala 2019-04-17 09:51:44 UTC 
Created pacemaker tracking bugs for this issue:

Affects: fedora-all [bug 1700737]
Comment 6 Huzaifa S. Sidhpurwala 2019-04-18 04:47:22 UTC 
Upstream patch: https://github.com/ClusterLabs/pacemaker/pull/1749/commits/970736b1c7ad5c78cc5295a4231e546104d55893
Comment 7 Huzaifa S. Sidhpurwala 2019-05-04 07:59:37 UTC 
Created pacemaker tracking bugs for this issue:

Affects: openstack-rdo [bug 1706308]
Comment 8 errata-xmlrpc 2019-05-27 15:59:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1279 https://access.redhat.com/errata/RHSA-2019:1279
Comment 9 errata-xmlrpc 2019-05-27 16:00:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1278 https://access.redhat.com/errata/RHSA-2019:1278