SUSE-SU-2016:3162-1: moderate: Security update for pacemaker

Thu Dec 15 10:08:18 MST 2016

   SUSE Security Update: Security update for pacemaker
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:3162-1
Rating:             moderate
References:         #1000743 #1002767 #1003565 #1007433 #1009076 
                    #953192 #970733 #971129 #972187 #974108 #975079 
                    #976271 #976865 #977258 #977675 #977800 #981489 
                    #981731 #986056 #986201 #986265 #986644 #986676 
                    #986931 #987348 
Cross-References:   CVE-2016-7035 CVE-2016-7797
Affected Products:
                    SUSE Linux Enterprise High Availability Extension 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves two vulnerabilities and has 23 fixes
   is now available.

Description:

   This update for pacemaker fixes one security issue and several
   non-security issues.

   The following security issue has been fixed:

   - libcrmcommon: Fix improper IPC guarding. (bsc#1007433, CVE-2016-7035)

   The following non-security issues have been fixed:

   - Add logrotate to reqs of pacemaker-cli.
   - Add $remote_fs dependencies to the init scripts.
   - all: Clarify licensing and copyrights.
   - attrd,ipc: Prevent possible segfault on exit. (bsc#986056)
   - attrd, libcrmcommon: Validate attrd requests better.
   - attrd_updater: Fix usage of HAVE_ATOMIC_ATTRD.
   - cib/fencing: Set status callback before connecting to cluster.
     (bsc#974108)
   - ClusterMon: Fix to avoid matching other process with the same PID.
   - crmd: Acknowledge cancellation operations for remote connection
     resources. (bsc#976865)
   - crmd: Avoid timeout on older peers when cancelling a resource operation.
   - crmd: Record pending operations in the CIB before they are performed.
     (bsc#1003565)
   - crmd: Clear remote node operation history only when it comes up.
   - crmd: Clear remote node transient attributes on disconnect. (bsc#981489)
   - crmd: Don't abort transitions for CIB comment changes.
   - crmd: Ensure the R_SHUTDOWN is set whenever we ask the DC to shut us
     down.
   - crmd: Get full action information earlier. (bsc#981731)
   - crmd: Graceful proxy shutdown is now tested. (bsc#981489)
   - crmd: Keep a state of LRMD in the DC node latest.
   - crmd,lrmd,liblrmd: Use defined constants for lrmd IPC operations.
     (bsc#981489)
   - crmd: Mention that graceful remote shutdowns may cause connection
     failures. (bsc#981489)
   - crmd/pengine: Handle on-fail=ignore properly. (bsc#981731)
   - crmd/pengine: Implement on-fail=ignore without allow-fail. (bsc#981731)
   - crmd: Remove dead code. (bsc#981731)
   - crmd: Rename action number variable in process_graph_event().
     (bsc#981731)
   - crmd: Resend the shutdown request if the DC forgets.
   - crmd: Respect start-failure-is-fatal even for artificially injected
     events. (bsc#981731)
   - crmd: Set remote flag when gracefully shutting down remote nodes.
     (bsc#981489)
   - crmd: Set the shutdown transient attribute in response to
     LRMD_IPC_OP_SHUTDOWN_REQ from remote nodes. (bsc#981489)
   - crmd: Support graceful pacemaker_remote stops. (bsc#981489)
   - crmd: Take start-delay into account for the timeout of the action timer.
     (bsc#977258)
   - crmd: Use defined constant for magic "direct nack" RC. (bsc#981731)
   - crmd: Use proper resource agent name when caching metadata.
   - crmd: When node load was reduced, crmd carries out a feasible action.
   - crm_mon: Avoid logging errors for any CIB changes that we don't care
     about. (bsc#986931)
   - crm_mon: Consistently print ms resource state.
   - crm_mon: Do not call setenv with null value.
   - crm_mon: Do not log errors for the known CIB changes that should be
     ignored. (bsc#986931)
   - crm_mon: Fix time formatting on x32.
   - cts: Avoid kill usage error if DummySD stop called when already stopped.
   - CTS: Get Reattach test working again and up-to-date. (bsc#953192)
   - cts: Simulate pacemaker_remote failure with kill. (bsc#981489)
   - fencing/fence_legacy: Search capable devices by querying them through
     "list" action for cluster-glue stonith agents. (bsc#986265)
   - fencing: Record the last known names of nodes to make sure fencing
     requested with nodeid works. (bsc#974108)
   - libais,libcluster,libcrmcommon,liblrmd: Don't use %z specifier.
   - libcib,libfencing,libtransition: Handle memory allocation errors without
     CRM_CHECK().
   - lib: Correction of the deletion of the notice registration.
   - libcrmcommon: Correct directory name in log message.
   - libcrmcommon: Ensure crm_time_t structure is fully initialized by API
     calls.
   - libcrmcommon: Log XML comments correctly.
   - libcrmcommon: Properly handle XML comments when comparing v2 patchset
     diffs.
   - libcrmcommon: Really ensure crm_time_t structure is fully initialized by
     API calls.
   - libcrmcommon: Remove extraneous format specifier from log message.
   - libcrmcommon: Report errors consistently when waiting for data on
     connection. (bsc#986644)
   - libfencing: Report added node ID correctly.
   - liblrmd: Avoid memory leak when closing or deleting lrmd connections.
   - libpengine: Allow pe_order_same_node option for constraints.
   - libpengine: Log message when stonith disabled, not enabled.
   - libpengine: Only log startup-fencing warning once.
   - libtransition: Potential memory leak if unpacking action fails.
   - lrmd: Handle shutdown a little more cleanly. (bsc#981489)
   - lrmd,libcluster: Ensure g_hash_table_foreach() is never passed a null
     table.
   - lrmd,liblrmd: Add lrmd IPC operations for requesting and acknowledging
     shutdown. (bsc#981489)
   - lrmd: Make proxied IPC providers/clients opaque. (bsc#981489)
   - mcp: Improve comments for sysconfig options.
   - pacemaker_remote: Set LSB Provides header to the service name.
   - pacemaker_remote: Support graceful stops. (bsc#981489)
   - PE: Correctly update the dependent actions of un-runnable clones.
   - PE: Honor the shutdown transient attributes for remote nodes.
     (bsc#981489)
   - pengine: Avoid memory leak when invalid constraint involves set.
   - pengine: Avoid null dereference in new same-node ordering option.
   - pengine: Avoid transition loop for start-then-stop + unfencing.
   - pengine: Avoid use-after-free with location constraint + sets +
     templates.
   - pengine: Better error handling when unpacking sets in location
     constraints.
   - pengine: Consider resource failed if any of the configured monitor
     operations failed. (bsc#972187)
   - pengine: Correction of the record judgment of the failed information.
   - pengine: Do not fence a maintenance node if it shuts down cleanly.
     (bsc#1000743)
   - pengine: Correctly set the environment variable
     "OCF_RESKEY_CRM_meta_timeout" when "start-delay" is configured.
     (bsc#977258)
   - pengine: Only set unfencing constraints once.
   - pengine: Organize order of actions for master resources in
     anti-colocations. (bsc#977800)
   - pengine: Organize order of actions for slave resources in
     anti-colocations. (bsc#977800)
   - pengine: Properly order stop actions relative to stonith.
   - pengine: Respect asymmetrical ordering when trying to move resources.
     (bsc#977675)
   - pengine: Set OCF_RESKEY_CRM_meta_notify_active_* for multistate
     resources.
   - pengine,tools: Display pending resource state by default when it's
     available. (bsc#986201)
   - ping: Avoid temp files in fping_check. (bsc#987348)
   - ping: Avoid temporary files for fping check. (bsc#987348)
   - ping: Log sensible error when /tmp is full. (bsc#987348)
   - ping resource: Use fping6 for IPv6 hosts. (bsc#976271)
   - RA/SysInfo: Reset the node attribute "#health_disk" to "green" when
     there's sufficient free disk. (bsc#975079)
   - remote: Allow cluster and remote LRM API versions to diverge.
     (bsc#1009076)
   - remote: Correctly calculate the remaining timeouts when receiving
     messages. (bsc#986644)
   - resources: Use OCF version tagging correctly.
   - services: Correctly clean up service actions for non-dbus case.
   - spec: fence_pcmk only eligible for Pacemaker+CMAN.
   - stonithd: Correction of the wrong connection process name.
   - sysconfig: Minor tweaks (typo, wording).
   - tools: Avoid memory leaks in crm_resource --restart.
   - tools: Avoid memory leak when crm_mon unpacks constraints.
   - tools: Correctly count starting resources when doing crm_resource
     --restart.
   - tools: crm_resource -T option should not be hidden anymore.
   - tools: crm_standby --version/--help should work without cluster.
   - tools: Do not send command lines to syslog. (bsc#986676)
   - tools: Do not assume all resources restart on same node with
     crm_resource --restart.
   - tools: Don't require node to be known to crm_resource when deleting
     attribute.
   - tools: Properly handle crm_resource --restart with a resource in a group.
   - tools: Remember any existing target-role when doing crm_resource
     --restart.
   - various: Issues discovered via valgrind and coverity.

   Additionally, the following references have been added to the changelog:

   bsc#970733, fate#318381, bsc#1002767, CVE-2016-7797, bsc#971129

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability Extension 11-SP4:

      zypper in -t patch slehasp4-pacemaker-12889=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-pacemaker-12889=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libpacemaker-devel-1.1.12-18.1
      libpacemaker3-1.1.12-18.1
      pacemaker-1.1.12-18.1
      pacemaker-cli-1.1.12-18.1
      pacemaker-remote-1.1.12-18.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      pacemaker-debuginfo-1.1.12-18.1
      pacemaker-debugsource-1.1.12-18.1

References:

   https://www.suse.com/security/cve/CVE-2016-7035.html
   https://www.suse.com/security/cve/CVE-2016-7797.html
   https://bugzilla.suse.com/1000743
   https://bugzilla.suse.com/1002767
   https://bugzilla.suse.com/1003565
   https://bugzilla.suse.com/1007433
   https://bugzilla.suse.com/1009076
   https://bugzilla.suse.com/953192
   https://bugzilla.suse.com/970733
   https://bugzilla.suse.com/971129
   https://bugzilla.suse.com/972187
   https://bugzilla.suse.com/974108
   https://bugzilla.suse.com/975079
   https://bugzilla.suse.com/976271
   https://bugzilla.suse.com/976865
   https://bugzilla.suse.com/977258
   https://bugzilla.suse.com/977675
   https://bugzilla.suse.com/977800
   https://bugzilla.suse.com/981489
   https://bugzilla.suse.com/981731
   https://bugzilla.suse.com/986056
   https://bugzilla.suse.com/986201
   https://bugzilla.suse.com/986265
   https://bugzilla.suse.com/986644
   https://bugzilla.suse.com/986676
   https://bugzilla.suse.com/986931
   https://bugzilla.suse.com/987348