Fedora Linux 8778 Published by

A pacemaker security update has been released for Fedora 33.



SECURITY: Fedora 33 Update: pacemaker-2.0.5-0.7.rc3.fc33


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-3d0e38b9e7
2020-11-27 01:20:50.553150
--------------------------------------------------------------------------------

Name : pacemaker
Product : Fedora 33
Version : 2.0.5
Release : 0.7.rc3.fc33
URL :   https://www.clusterlabs.org
Summary : Scalable High-Availability cluster resource manager
Description :
Pacemaker is an advanced, scalable High-Availability cluster resource
manager.

It supports more than 16 node clusters with significant capabilities
for managing resources and dependencies.

It will run scripts at initialization, when machines go up or down,
when related resources fail and can be configured to periodically check
resource health.

Available rpmbuild rebuild options:
--with(out) : cibsecrets coverage doc hardening pre_release profiling

--------------------------------------------------------------------------------
Update Information:

** Wed Nov 18 2020 Klaus Wenninger - 2.0.5-0.7.rc3 ** - a
little more syncing with upstream spec-file ** Tue Nov 17 2020 Klaus Wenninger
- 2.0.5-0.6.rc3 ** - Update for new upstream tarball for
release candidate: Pacemaker-2.0.5-rc3 for full details, see included
ChangeLog file or
  https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.0.5-rc3 -
Corosync in Fedora now provides corosync-devel as well in isa-flavor ** Sun Nov
1 2020 Klaus Wenninger - 2.0.5-0.5.rc2 ** - Update for
new upstream tarball for release candidate: Pacemaker-2.0.5-rc2, includes fix
for CVE-2020-25654 for full details, see included ChangeLog file or
  https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.0.5-rc2 -
Remove dependencies to nagios-plugins from metadata-package - some sync with
structure of upstream spec-file - removed some legacy conditionals - added with-
cibsecrets - enable some basic gating-tests - remove building documentation
using publican from ELN - rename doc-dir for ELN ---- - Update for new
upstream tarball for release candidate: Pacemaker-2.0.5-rc2, includes fix for
CVE-2020-25654 for full details, see included ChangeLog file or
  https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.0.5-rc2 -
Remove dependencies to nagios-plugins from metadata-package - some sync with
structure of upstream spec-file - removed some legacy conditionals - added with-
cibsecrets - enable some basic gating-tests - remove building documentation
using publican from ELN - rename doc-dir for ELN
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 18 2020 Klaus Wenninger - 2.0.5-0.7.rc3
- a little more syncing with upstream spec-file
* Tue Nov 17 2020 Klaus Wenninger - 2.0.5-0.6.rc3
- Update for new upstream tarball for release candidate: Pacemaker-2.0.5-rc3
for full details, see included ChangeLog file or
  https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.0.5-rc3
- Corosync in Fedora now provides corosync-devel as well in isa-flavor
* Sun Nov 1 2020 Klaus Wenninger - 2.0.5-0.5.rc2
- Update for new upstream tarball for release candidate: Pacemaker-2.0.5-rc2,
includes fix for CVE-2020-25654
for full details, see included ChangeLog file or
  https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.0.5-rc2
- Remove dependencies to nagios-plugins from metadata-package
- some sync with structure of upstream spec-file
- removed some legacy conditionals
- added with-cibsecrets
- enable some basic gating-tests
- remove building documentation using publican from ELN
- rename doc-dir for ELN
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1889581 - pacemaker-2.0.5-rc2 is available
  https://bugzilla.redhat.com/show_bug.cgi?id=1889581
[ 2 ] Bug #1891718 - CVE-2020-25654 pacemaker: ACL restrictions bypass [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=1891718
[ 3 ] Bug #1898409 - pacemaker-2.0.5-rc3 is available
  https://bugzilla.redhat.com/show_bug.cgi?id=1898409
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-3d0e38b9e7' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys