Bug#974563: Security update of pacemaker

2021-01-13 Thread Thorsten Rehm
Hi Markus,

thank you for the effort and the update.
Unfortunately there are still some problems with the updated version.

I've just updated the pacemaker package from 1.1.16-1+deb9u2 to
1.1.24-0+deb9u1. Afterwards parts of the Cluster Resource Manager
(crm) can't be executed due to a library error. TL;DR:
libpe_status.so.10 != libpe_status.so.16 and libpengine.so.10 !=
libpengine.so.16

In detail:
$ /usr/sbin/crm_mon --version
Pacemaker 1.1.16
Written by Andrew Beekhof

$ apt policy pacemaker
pacemaker:
  Installed: 1.1.16-1+deb9u2
  Candidate: 1.1.24-0+deb9u1
[...]

$ apt install pacemaker
[...]
The following packages will be upgraded:
  libcib4 libcrmcluster4 libcrmcommon3 libcrmservice3 liblrmd1
  libpe-rules2 libpe-status10 libpengine10 libstonithd2
  libtransitioner2 pacemaker
[...]

$ apt policy pacemaker
pacemaker:
  Installed: 1.1.24-0+deb9u1
  Candidate: 1.1.24-0+deb9u1
[...]

$ crm_mon --version
crm_mon: error while loading shared libraries: libpe_status.so.10: cannot open shared object file: No such file or directory

$ crm status
/usr/sbin/crm_mon: error while loading shared libraries: libpe_status.so.10: cannot open shared object file: No such file or directory
/usr/sbin/crm_mon: error while loading shared libraries: libpe_status.so.10: cannot open shared object file: No such file or directory
ERROR: status: crm_mon (rc=127):

$ ldd /usr/sbin/crm_mon | grep "not found"
libpe_status.so.10 => not found
libpengine.so.10 => not found

$ dpkg -L libpe-status10 | grep so
/usr/lib/x86_64-linux-gnu/libpe_status.so.16.1.0
/usr/lib/x86_64-linux-gnu/libpe_status.so.16

$ dpkg -L libpengine10 | grep so
/usr/lib/x86_64-linux-gnu/libpengine.so.16.1.0
/usr/lib/x86_64-linux-gnu/libpengine.so.16

Can you please investigate again?

Thank you.

Best regards,
Thorsten Rehm


On Mon, 28 Dec 2020 00:24:14 +0100 Markus Koschany wrote:
> Hello,
>
> I have prepared a new security update of pacemaker, the latest version in the
> 1.1.x series. The update will fix CVE-2018-16877, CVE-2018-16878 and
> CVE-2020-25654. I would appreciate it if you could test this version before it is
> uploaded to stretch-security again. You can find all Debian packages at
>
> https://people.debian.org/~apo/lts/pacemaker/
>
> including the source package if you prefer to compile pacemaker from source.
>
> If I don't get any negative feedback I intend to upload pacemaker
> 1.1.24-0+deb9u1 on 06.01.2021.
>
> Regards,
>
> Markus
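
An added example, not part of the original thread: a shell check for the failure reported above, where a binary needs a soname that is no longer installed and a library package ships a different SONAME version than its name implies. The function names are hypothetical; the sample input is the ldd and dpkg -L output quoted in the report.

```shell
#!/bin/sh
# Added example: post-upgrade shared-library sanity check (not from the thread).

# Print each soname that `ldd` (read on stdin) reports as "not found".
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Print the SONAME major version (N of libfoo.so.N) from `dpkg -L` output on stdin.
shipped_sover() {
    sed -n 's|^.*/lib[^/]*\.so\.\([0-9][0-9]*\)$|\1|p' | sort -u
}

# Print the trailing digits of a library package name (libpe-status10 -> 10);
# by Debian convention they track the SONAME version.
pkg_sover() {
    printf '%s\n' "$1" | sed -n 's/^.*[^0-9]\([0-9][0-9]*\)$/\1/p'
}

# $1 = package name, stdin = its `dpkg -L` listing; returns 1 on a mismatch.
check_pkg() {
    have=$(shipped_sover)
    want=$(pkg_sover "$1")
    if [ -n "$have" ] && [ "$have" = "$want" ]; then
        echo "OK $1 ships .so.$have"
    else
        echo "MISMATCH $1 ships .so.$have but its name implies .so.$want"
        return 1
    fi
}

# Sample input: output lines quoted in the report above.
LDD_OUT='libpe_status.so.10 => not found
libpengine.so.10 => not found'
DPKG_OUT='/usr/lib/x86_64-linux-gnu/libpe_status.so.16.1.0
/usr/lib/x86_64-linux-gnu/libpe_status.so.16'

printf '%s\n' "$LDD_OUT" | missing_libs
printf '%s\n' "$DPKG_OUT" | check_pkg libpe-status10 || true

# On a live system:
#   ldd /usr/sbin/crm_mon | missing_libs
#   dpkg -L libpe-status10 | check_pkg libpe-status10
```

Running both checks against a test install of a candidate security update, before it goes to production nodes, catches this class of breakage without starting the cluster stack.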



Bug#974563: Security update of pacemaker

2020-12-28 Thread Louis Sautier

On 28/12/2020 00:24, Markus Koschany wrote:

> Hello,
>
> I have prepared a new security update of pacemaker, the latest version in the
> 1.1.x series. The update will fix CVE-2018-16877, CVE-2018-16878 and
> CVE-2020-25654. I would appreciate it if you could test this version before it is
> uploaded to stretch-security again. You can find all Debian packages at
>
> https://people.debian.org/~apo/lts/pacemaker/
>
> including the source package if you prefer to compile pacemaker from source.
>
> If I don't get any negative feedback I intend to upload pacemaker
> 1.1.24-0+deb9u1 on 06.01.2021.
>
> Regards,
>
> Markus


Hi Markus,
Thanks for letting us know beforehand. I have installed version 
1.1.24-0+deb9u0 and it seems to work fine.


Kind regards,

Louis





Bug#974563: Security update of pacemaker

2020-12-27 Thread Markus Koschany
Hello,

I have prepared a new security update of pacemaker, the latest version in the
1.1.x series. The update will fix CVE-2018-16877, CVE-2018-16878 and
CVE-2020-25654. I would appreciate it if you could test this version before it is
uploaded to stretch-security again. You can find all Debian packages at 

https://people.debian.org/~apo/lts/pacemaker/

including the source package if you prefer to compile pacemaker from source.

If I don't get any negative feedback I intend to upload pacemaker
1.1.24-0+deb9u1 on 06.01.2021.

Regards,

Markus

