PublicDateAtUSN: 2017-03-24
Candidate: CVE-2016-7797
PublicDate: 2017-03-24 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7797
 https://ubuntu.com/security/notices/USN-3462-1
Description:
 Pacemaker before 1.1.15, when using pacemaker remote, might allow remote
 attackers to cause a denial of service (node disconnection) via an
 unauthenticated connection.
Ubuntu-Description:
Notes:
 mdeslaur> introduced in 1.1.12
Bugs:
 http://bugs.clusterlabs.org/show_bug.cgi?id=5269
Priority: medium
Discovered-by: Alain Moulle
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_pacemaker:
 upstream: https://github.com/ClusterLabs/pacemaker/commit/5ec24a26
upstream_pacemaker: released (1.1.15~rc3-1)
precise_pacemaker: ignored (reached end-of-life)
precise/esm_pacemaker: DNE (precise was needs-triage)
trusty_pacemaker: not-affected (1.1.10+git20130802-1ubuntu2.3)
trusty/esm_pacemaker: DNE (trusty was not-affected [1.1.10+git20130802-1ubuntu2.3])
vivid/stable-phone-overlay_pacemaker: DNE
vivid/ubuntu-core_pacemaker: DNE
xenial_pacemaker: released (1.1.14-2ubuntu1.2)
esm-infra/xenial_pacemaker: released (1.1.14-2ubuntu1.2)
yakkety_pacemaker: not-affected (1.1.15-1ubuntu2)
zesty_pacemaker: not-affected (1.1.15-1ubuntu2)
artful_pacemaker: not-affected (1.1.15-1ubuntu2)
devel_pacemaker: not-affected (1.1.15-1ubuntu2)