Security update for pacemaker

Announcement ID: SUSE-SU-2016:3162-1
Rating: moderate
References:
Cross-References:
CVSS scores:
  • CVE-2016-7035 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2016-7797 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • SLES for SAP Applications 11-SP4
  • SUSE Linux Enterprise High Availability Extension 11 SP4

An update that solves two vulnerabilities and has 23 security fixes can now be installed.

Description:

This update for pacemaker fixes one security issue and several non-security issues.

The following security issue has been fixed:

  • libcrmcommon: Fix improper IPC guarding. (bsc#1007433, CVE-2016-7035)

The following non-security issues have been fixed:

  • Add logrotate to reqs of pacemaker-cli.
  • Add $remote_fs dependencies to the init scripts.
  • all: Clarify licensing and copyrights.
  • attrd,ipc: Prevent possible segfault on exit. (bsc#986056)
  • attrd, libcrmcommon: Validate attrd requests better.
  • attrd_updater: Fix usage of HAVE_ATOMIC_ATTRD.
  • cib/fencing: Set status callback before connecting to cluster. (bsc#974108)
  • ClusterMon: Fix to avoid matching other process with the same PID.
  • crmd: Acknowledge cancellation operations for remote connection resources. (bsc#976865)
  • crmd: Avoid timeout on older peers when cancelling a resource operation.
  • crmd: Record pending operations in the CIB before they are performed. (bsc#1003565)
  • crmd: Clear remote node operation history only when it comes up.
  • crmd: Clear remote node transient attributes on disconnect. (bsc#981489)
  • crmd: Don't abort transitions for CIB comment changes.
  • crmd: Ensure the R_SHUTDOWN is set whenever we ask the DC to shut us down.
  • crmd: Get full action information earlier. (bsc#981731)
  • crmd: Graceful proxy shutdown is now tested. (bsc#981489)
  • crmd: Keep a state of LRMD in the DC node latest.
  • crmd,lrmd,liblrmd: Use defined constants for lrmd IPC operations. (bsc#981489)
  • crmd: Mention that graceful remote shutdowns may cause connection failures. (bsc#981489)
  • crmd/pengine: Handle on-fail=ignore properly. (bsc#981731)
  • crmd/pengine: Implement on-fail=ignore without allow-fail. (bsc#981731)
  • crmd: Remove dead code. (bsc#981731)
  • crmd: Rename action number variable in process_graph_event(). (bsc#981731)
  • crmd: Resend the shutdown request if the DC forgets.
  • crmd: Respect start-failure-is-fatal even for artificially injected events. (bsc#981731)
  • crmd: Set remote flag when gracefully shutting down remote nodes. (bsc#981489)
  • crmd: Set the shutdown transient attribute in response to LRMD_IPC_OP_SHUTDOWN_REQ from remote nodes. (bsc#981489)
  • crmd: Support graceful pacemaker_remote stops. (bsc#981489)
  • crmd: Take start-delay into account for the timeout of the action timer. (bsc#977258)
  • crmd: Use defined constant for magic "direct nack" RC. (bsc#981731)
  • crmd: Use proper resource agent name when caching metadata.
  • crmd: When node load was reduced, crmd carries out a feasible action.
  • crm_mon: Avoid logging errors for any CIB changes that we don't care about. (bsc#986931)
  • crm_mon: Consistently print ms resource state.
  • crm_mon: Do not call setenv with null value.
  • crm_mon: Do not log errors for the known CIB changes that should be ignored. (bsc#986931)
  • crm_mon: Fix time formatting on x32.
  • cts: Avoid kill usage error if DummySD stop called when already stopped.
  • CTS: Get Reattach test working again and up-to-date. (bsc#953192)
  • cts: Simulate pacemaker_remote failure with kill. (bsc#981489)
  • fencing/fence_legacy: Search capable devices by querying them through "list" action for cluster-glue stonith agents. (bsc#986265)
  • fencing: Record the last known names of nodes to make sure fencing requested with nodeid works. (bsc#974108)
  • libais,libcluster,libcrmcommon,liblrmd: Don't use %z specifier.
  • libcib,libfencing,libtransition: Handle memory allocation errors without CRM_CHECK().
  • lib: Correction of the deletion of the notice registration.
  • libcrmcommon: Correct directory name in log message.
  • libcrmcommon: Ensure crm_time_t structure is fully initialized by API calls.
  • libcrmcommon: Log XML comments correctly.
  • libcrmcommon: Properly handle XML comments when comparing v2 patchset diffs.
  • libcrmcommon: Really ensure crm_time_t structure is fully initialized by API calls.
  • libcrmcommon: Remove extraneous format specifier from log message.
  • libcrmcommon: Report errors consistently when waiting for data on connection. (bsc#986644)
  • libfencing: Report added node ID correctly.
  • liblrmd: Avoid memory leak when closing or deleting lrmd connections.
  • libpengine: Allow pe_order_same_node option for constraints.
  • libpengine: Log message when stonith disabled, not enabled.
  • libpengine: Only log startup-fencing warning once.
  • libtransition: Potential memory leak if unpacking action fails.
  • lrmd: Handle shutdown a little more cleanly. (bsc#981489)
  • lrmd,libcluster: Ensure g_hash_table_foreach() is never passed a null table.
  • lrmd,liblrmd: Add lrmd IPC operations for requesting and acknowledging shutdown. (bsc#981489)
  • lrmd: Make proxied IPC providers/clients opaque. (bsc#981489)
  • mcp: Improve comments for sysconfig options.
  • pacemaker_remote: Set LSB Provides header to the service name.
  • pacemaker_remote: Support graceful stops. (bsc#981489)
  • PE: Correctly update the dependent actions of un-runnable clones.
  • PE: Honor the shutdown transient attributes for remote nodes. (bsc#981489)
  • pengine: Avoid memory leak when invalid constraint involves set.
  • pengine: Avoid null dereference in new same-node ordering option.
  • pengine: Avoid transition loop for start-then-stop + unfencing.
  • pengine: Avoid use-after-free with location constraint + sets + templates.
  • pengine: Better error handling when unpacking sets in location constraints.
  • pengine: Consider resource failed if any of the configured monitor operations failed. (bsc#972187)
  • pengine: Correction of the record judgment of the failed information.
  • pengine: Do not fence a maintenance node if it shuts down cleanly. (bsc#1000743)
  • pengine: Correctly set the environment variable "OCF_RESKEY_CRM_meta_timeout" when "start-delay" is configured. (bsc#977258)
  • pengine: Only set unfencing constraints once.
  • pengine: Organize order of actions for master resources in anti-colocations. (bsc#977800)
  • pengine: Organize order of actions for slave resources in anti-colocations. (bsc#977800)
  • pengine: Properly order stop actions relative to stonith.
  • pengine: Respect asymmetrical ordering when trying to move resources. (bsc#977675)
  • pengine: Set OCF_RESKEY_CRM_meta_notify_active_* for multistate resources.
  • pengine,tools: Display pending resource state by default when it's available. (bsc#986201)
  • ping: Avoid temp files in fping_check. (bsc#987348)
  • ping: Avoid temporary files for fping check. (bsc#987348)
  • ping: Log sensible error when /tmp is full. (bsc#987348)
  • ping resource: Use fping6 for IPv6 hosts. (bsc#976271)
  • RA/SysInfo: Reset the node attribute "#health_disk" to "green" when there's sufficient free disk. (bsc#975079)
  • remote: Allow cluster and remote LRM API versions to diverge. (bsc#1009076)
  • remote: Correctly calculate the remaining timeouts when receiving messages. (bsc#986644)
  • resources: Use OCF version tagging correctly.
  • services: Correctly clean up service actions for non-dbus case.
  • spec: fence_pcmk only eligible for Pacemaker+CMAN.
  • stonithd: Correction of the wrong connection process name.
  • sysconfig: Minor tweaks (typo, wording).
  • tools: Avoid memory leaks in crm_resource --restart.
  • tools: Avoid memory leak when crm_mon unpacks constraints.
  • tools: Correctly count starting resources when doing crm_resource --restart.
  • tools: crm_resource -T option should not be hidden anymore.
  • tools: crm_standby --version/--help should work without cluster.
  • tools: Do not send command lines to syslog. (bsc#986676)
  • tools: Do not assume all resources restart on same node with crm_resource --restart.
  • tools: Don't require node to be known to crm_resource when deleting attribute.
  • tools: Properly handle crm_resource --restart with a resource in a group.
  • tools: Remember any existing target-role when doing crm_resource --restart.
  • various: Issues discovered via valgrind and coverity.

Additionally, the following references have been added to the changelog:

bsc#970733, fate#318381, bsc#1002767, CVE-2016-7797, bsc#971129

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise High Availability Extension 11 SP4
    zypper in -t patch slehasp4-pacemaker-12889=1
  • SLES for SAP Applications 11-SP4
    zypper in -t patch slehasp4-pacemaker-12889=1

Package List:

  • SUSE Linux Enterprise High Availability Extension 11 SP4 (s390x x86_64 i586 ppc64 ia64)
    • pacemaker-cli-1.1.12-18.1
    • pacemaker-1.1.12-18.1
    • libpacemaker-devel-1.1.12-18.1
    • pacemaker-remote-1.1.12-18.1
    • libpacemaker3-1.1.12-18.1
  • SLES for SAP Applications 11-SP4 (ppc64 x86_64)
    • pacemaker-cli-1.1.12-18.1
    • pacemaker-1.1.12-18.1
    • libpacemaker-devel-1.1.12-18.1
    • pacemaker-remote-1.1.12-18.1
    • libpacemaker3-1.1.12-18.1

References: