1694554 – (CVE-2019-3885) CVE-2019-3885 pacemaker: Information disclosure through use-after-free

Bug 1694554 (CVE-2019-3885) - CVE-2019-3885 pacemaker: Information disclosure through use-after-free

Summary: CVE-2019-3885 pacemaker: Information disclosure through use-after-free

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2019-3885
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1694907 1694908 1697264 1700704 1700737 1706307
Blocks:	1652647
TreeView+	depends on / blocked

Reported:	2019-04-01 05:41 UTC by Huzaifa S. Sidhpurwala
Modified:	2021-02-16 22:10 UTC (History)
CC List:	19 users (show)
Fixed In Version:	pacemaker 2.0.2-rc1
Clone Of:
Environment:
Last Closed:	2019-06-10 10:52:45 UTC
Embargoed:

Attachments	(Terms of Use)
Cumulative patches to address CVE-2018-16877, CVE-2018-16878 and CVE-2019-3885 (71.68 KB, application/gzip) 2019-04-17 05:59 UTC, Huzaifa S. Sidhpurwala	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2019:1278	0	None	None	None	2019-05-27 16:00:10 UTC
Red Hat Product Errata	RHSA-2019:1279	0	None	None	None	2019-05-27 15:59:52 UTC

Description Huzaifa S. Sidhpurwala 2019-04-01 05:41:58 UTC

A use-after-free defect was discovered in pacemaker that can possibly lead to unsolicited information disclosure in the log outputs.

Comment 1 Huzaifa S. Sidhpurwala 2019-04-01 05:42:00 UTC

Acknowledgments:

Name: Jan Pokorný (Red Hat)

Comment 6 Huzaifa S. Sidhpurwala 2019-04-17 05:59:01 UTC

Created attachment 1555736 [details]
Cumulative patches to address CVE-2018-16877, CVE-2018-16878 and CVE-2019-3885

Comment 7 Huzaifa S. Sidhpurwala 2019-04-17 09:46:48 UTC

Public via:
https://www.openwall.com/lists/oss-security/2019/04/17/1

Comment 8 Huzaifa S. Sidhpurwala 2019-04-17 09:51:15 UTC

Created pacemaker tracking bugs for this issue:

Affects: fedora-all [bug 1700737]

Comment 9 Huzaifa S. Sidhpurwala 2019-04-18 04:47:32 UTC

Upstream patch: https://github.com/ClusterLabs/pacemaker/pull/1749/commits/970736b1c7ad5c78cc5295a4231e546104d55893

Comment 10 Huzaifa S. Sidhpurwala 2019-05-04 07:59:26 UTC

Created pacemaker tracking bugs for this issue:

Affects: openstack-rdo [bug 1706307]

Comment 11 errata-xmlrpc 2019-05-27 15:59:51 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1279 https://access.redhat.com/errata/RHSA-2019:1279

Comment 12 errata-xmlrpc 2019-05-27 16:00:09 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1278 https://access.redhat.com/errata/RHSA-2019:1278

Note You need to log in before you can comment on or make changes to this bug.