Oracle Linux 6 : pacemaker (ELSA-2013-1635)

high Nessus Plugin ID 181104

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-1635 advisory.

[1.1.10-14]
- Log: crmd: Supply arguments in the correct order Resolves: rhbz#996850
- Fix: Invalid formatting of log message causes crash Resolves: rhbz#996850

[1.1.10-13]
- Fix: cman: Start clvmd and friends from the init script if enabled

[1.1.10-12]
- Fix: Consistently use 'Slave' as the role for unpromoted master/slave resources Resolves: rhbz#1011618
- Fix: pengine: Location constraints with role=Started should prevent masters from running at all Resolves: rhbz#902407
- Fix: crm_resource: Observe --master modifier for --move Resolves: rhbz#902407

[1.1.10-11]
+ Fix: cman: Do not start pacemaker if cman startup fails
+ Fix: Fencing: Observe pcmk_host_list during automatic unfencing Resolves: rhbz#996850

[1.1.10-10]
- Remove unsupported resource agent Resolves: rhbz#1005678
- Provide a meaningful error if --master is used for primitives and groups

[1.1.10-9]
+ Fix: xml: Location constraints are allowed to specify a role
+ Bug rhbz#902407 - crm_resource: Handle --ban for master/slave resources as advertised Resolves: rhbz#902407

[1.1.10-8]
+ Fix: mcp: Remove LSB hints that instruct chkconfig to start pacemaker at boot time Resolves: rhbz#997346

[1.1.10-7]
+ Fencing: Support agents that need the host to be unfenced at startup Resolves: rhbz#996850
+ Fix: crm_report: Collect corosync quorum data Resolves: rhbz#989292

[1.1.10-6]
- Regenerate patches to have meaningful names

[1.1.10-5]
+ Fix: systemd: Prevent glib assertion - only call g_error_free with non-NULL arguments
+ Fix: systemd: Prevent additional use-of-NULL assertions in g_error_free
+ Fix: logging: glib CRIT messages should not produce core files in the background
+ Fix: crmd: Correctly update the history cache when recurring ops change their return code
+ Log: crm_mon: Unmangle the output for failed operations
+ Log: cib: Correctly log short-form xml diffs
+ Log: pengine: Better indicate when a resource has failed

[1.1.10-4]
+ Fix: crmd: Prevent crash by passing log arguments in the correct order
+ Fix: pengine: Do not re-allocate clone instances that are blocked in the Stopped state
+ Fix: pengine: Do not allow colocation with blocked clone instances

[1.1.10-3]
+ Fix: pengine: Do not restart resources that depend on unmanaged resources
+ Fix: crmd: Prevent recurring monitors being cancelled due to notify operations

[1.1.10-2]
- Drop rgmanager 'provides' directive

[1.1.10-1]
- Update source tarball to revision: Pacemaker-1.1.10
- See included ChangeLog file or https://raw.github.com/ClusterLabs/pacemaker/master/ChangeLog for full details

- Resolves: rhbz#891766
- Resolves: rhbz#902407
- Resolves: rhbz#908450
- Resolves: rhbz#913093
- Resolves: rhbz#951340
- Resolves: rhbz#951371
- Related: rhbz#987355

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2013-1635.html

Plugin Details

Severity: High

ID: 181104

File Name: oraclelinux_ELSA-2013-1635.nasl

Version: 1.2

Type: local

Agent: unix

Published: 9/7/2023

Updated: 10/22/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2013-0281

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:pacemaker-cli, p-cpe:/a:oracle:linux:pacemaker, p-cpe:/a:oracle:linux:pacemaker-libs, p-cpe:/a:oracle:linux:pacemaker-cts, p-cpe:/a:oracle:linux:pacemaker-libs-devel, p-cpe:/a:oracle:linux:pacemaker-remote, p-cpe:/a:oracle:linux:pacemaker-cluster-libs, p-cpe:/a:oracle:linux:pacemaker-doc, cpe:/o:oracle:linux:6

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/26/2013

Vulnerability Publication Date: 2/14/2013

Reference Information

CVE: CVE-2013-0281