安全公告详情

NS-SA-2021-0021

2021-03-09 13:05:16

简介

moderate: libcroco/pacemaker security update

严重级别

moderate

主题

An update for libcroco/pacemaker is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

libcroco: CSS2 parsing and manipulation library for GNOME
pacemaker: Pacemaker is an advanced, scalable High-Availability cluster resource manager for Corosync, CMAN and/or Linux-HA. The pacemaker-cluster-libs package contains cluster-aware shared libraries needed for nodes that will form part of the cluster nodes.


Security Fix(es):
libcroco: A stack overflow flaw was found in libcroco. A service using libcroco's CSS parser could be crashed by a local, authenticated attacker, or an attacker utilizing social engineering, using a crafted input. The highest threat from this vulnerability is to system availability.(CVE-2020-12825)
libcroco: bugfix
pacemaker: An ACL bypass flaw was found in Pacemaker. This flaw allows an attacker with a local account on the cluster and in the haclient group to use IPC communication with various daemons to directly perform certain tasks that would be prevented if they had gone through configured ACLs. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-25654)
pacemaker: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F29B5.

影响组件

  • libcroco
  • pacemaker

影响产品

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

更新包

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["libcroco-0.6.12-6.el7_9.x86_64.rpm","libcroco-debuginfo-0.6.12-6.el7_9.x86_64.rpm","libcroco-devel-0.6.12-6.el7_9.x86_64.rpm"],"source":"libcroco-0.6.12-6.el7_9.src.rpm"},{"binary":["pacemaker-cluster-libs-1.1.23-1.el7_9.1.x86_64.rpm","pacemaker-libs-devel-1.1.23-1.el7_9.1.x86_64.rpm","pacemaker-cli-1.1.23-1.el7_9.1.x86_64.rpm","pacemaker-cts-1.1.23-1.el7_9.1.x86_64.rpm","pacemaker-remote-1.1.23-1.el7_9.1.x86_64.rpm","pacemaker-nagios-plugins-metadata-1.1.23-1.el7_9.1.x86_64.rpm","pacemaker-doc-1.1.23-1.el7_9.1.x86_64.rpm","pacemaker-libs-1.1.23-1.el7_9.1.x86_64.rpm","pacemaker-1.1.23-1.el7_9.1.x86_64.rpm"],"source":"pacemaker-1.1.23-1.el7_9.1.src.rpm"}]},{"product":"CGSL CORE 5.04","pkgs":[{"binary":["libcroco-0.6.12-6.el7_9.x86_64.rpm","libcroco-debuginfo-0.6.12-6.el7_9.x86_64.rpm","libcroco-devel-0.6.12-6.el7_9.x86_64.rpm"],"source":"libcroco-0.6.12-6.el7_9.src.rpm"},{"binary":["pacemaker-cluster-libs-1.1.23-1.el7_9.1.x86_64.rpm","pacemaker-libs-devel-1.1.23-1.el7_9.1.x86_64.rpm","pacemaker-cli-1.1.23-1.el7_9.1.x86_64.rpm","pacemaker-cts-1.1.23-1.el7_9.1.x86_64.rpm","pacemaker-remote-1.1.23-1.el7_9.1.x86_64.rpm","pacemaker-nagios-plugins-metadata-1.1.23-1.el7_9.1.x86_64.rpm","pacemaker-doc-1.1.23-1.el7_9.1.x86_64.rpm","pacemaker-libs-1.1.23-1.el7_9.1.x86_64.rpm","pacemaker-1.1.23-1.el7_9.1.x86_64.rpm"],"source":"pacemaker-1.1.23-1.el7_9.1.src.rpm"}]}]}

CVE

参考