27832 – [Update Request] pacemaker CVE-2020-25654

Bug 27832 - [Update Request] pacemaker CVE-2020-25654

Summary: [Update Request] pacemaker CVE-2020-25654

Status:	RESOLVED DUPLICATE of bug 27472

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	7
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:	Sec team

URL:	https://nvd.nist.gov/vuln/detail/CVE-...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2020-12-15 16:59 CET by Zombie Ryushu
Modified:	2020-12-15 17:12 CET (History)
CC List:	0 users

See Also:
Source RPM:	pacemaker-1.1.19-2.2.mga7.src
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Zombie Ryushu 2020-12-15 16:59:07 CET

An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.

Comment 1 David Walser 2020-12-15 17:12:03 CET

Already reported and FIXED!

*** This bug has been marked as a duplicate of bug 27472 ***

Resolution: (none) => DUPLICATE
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.