[ClusterLabs] FYI: Pacemaker vulnerability CVE-2020-25654
Ken Gaillot
kgaillot at redhat.com
Tue Oct 27 11:06:39 EDT 2020
Hi all,

A vulnerability was found in Pacemaker allowing a user who is in the
haclient group but restricted by ACLs to bypass those ACLs. It has been
assigned the ID CVE-2020-25654.

This will be fixed in the 2.0 and master branches today, along with a
2.0.5-rc2 release that includes the fix. It will also be fixed in the
1.1 branch along with a 1.1.24-rc1 release that includes just this. I
will also post patches for the 2.0.3 and 2.0.4 releases to the
developers at clusterlabs.org list.
--
Ken Gaillot <kgaillot at redhat.com>