What is CVE-2018-16878?

CVE-2018-16878 is a vulnerability found in pacemaker up to and including version 2.0.1.

What is the severity of CVE-2018-16878?

The severity of CVE-2018-16878 is medium with a severity value of 5.5.

How does CVE-2018-16878 impact pacemaker?

CVE-2018-16878 can lead to a denial-of-service (DoS) attack due to insufficient verification inflicted preference of uncontrolled processes.

Which software versions are affected by CVE-2018-16878?

Pacemaker versions up to and including 2.0.1 are affected by CVE-2018-16878.

How can I fix CVE-2018-16878?

To fix CVE-2018-16878, update pacemaker to version 2.0.2 or higher.

Vulnerability/
CVE-2018-16878

medium

6.2

CWE

400

10/12/2018

17/4/2019

7/11/2023

CVE-2018-16878

First published: Mon Dec 10 2018(Updated: )

A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS

Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/pacemaker	<2.0.2	2.0.2
ubuntu/pacemaker	<1.1.18-0ubuntu1.1	1.1.18-0ubuntu1.1
ubuntu/pacemaker	<1.1.18-2ubuntu1.18.10.1	1.1.18-2ubuntu1.18.10.1
ubuntu/pacemaker	<1.1.18-2ubuntu1.19.04.1	1.1.18-2ubuntu1.19.04.1
ubuntu/pacemaker	<1.1.14-2ubuntu1.6	1.1.14-2ubuntu1.6
Clusterlabs Pacemaker	<=2.0.1
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=18.10
Canonical Ubuntu Linux	=19.04
Fedoraproject Fedora	=28
Fedoraproject Fedora	=29
Fedoraproject Fedora	=30
Debian Debian Linux	=9.0
openSUSE Leap	=15.0
openSUSE Leap	=42.3
Redhat Enterprise Linux	=8.0
Redhat Enterprise Linux Aus	=8.2
Redhat Enterprise Linux Aus	=8.4
Redhat Enterprise Linux Aus	=8.6
Redhat Enterprise Linux Eus	=8.1
Redhat Enterprise Linux Eus	=8.2
Redhat Enterprise Linux Eus	=8.4
Redhat Enterprise Linux Eus	=8.6
Redhat Enterprise Linux Tus	=8.2
Redhat Enterprise Linux Tus	=8.4
Redhat Enterprise Linux Tus	=8.6
	<=2.0.1
	=16.04
	=18.04
	=18.10
	=19.04
	=28
	=29
	=30
	=9.0
	=15.0
	=42.3
	=8.0
	=8.2
	=8.4
	=8.6
	=8.1
	=8.2
	=8.4
	=8.6
	=8.2
	=8.4
	=8.6
debian/pacemaker		2.0.1-5+deb10u2 2.0.1-5+deb10u1 2.0.5-2 2.1.5-1+deb12u1 2.1.6-4

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-3952-1

Frequently Asked Questions

What is CVE-2018-16878?
CVE-2018-16878 is a vulnerability found in pacemaker up to and including version 2.0.1.
What is the severity of CVE-2018-16878?
The severity of CVE-2018-16878 is medium with a severity value of 5.5.
How does CVE-2018-16878 impact pacemaker?
CVE-2018-16878 can lead to a denial-of-service (DoS) attack due to insufficient verification inflicted preference of uncontrolled processes.
Which software versions are affected by CVE-2018-16878?
Pacemaker versions up to and including 2.0.1 are affected by CVE-2018-16878.
How can I fix CVE-2018-16878?
To fix CVE-2018-16878, update pacemaker to version 2.0.2 or higher.

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/launchpad-cve
source/Launchpad
collector/nvd-api
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
collector/nvd-index
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2018-16878
collector/security-tracker-debian
source/Debian
collector/usn-cve
source/Ubuntu
vendor/clusterlabs
canonical/clusterlabs pacemaker
version/clusterlabs pacemaker/2.0.1
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/18.10
version/canonical ubuntu linux/19.04
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/28
version/fedoraproject fedora/29
version/fedoraproject fedora/30
vendor/debian
canonical/debian debian linux
version/debian debian linux/9.0
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/15.0
version/opensuse leap/42.3
vendor/redhat
canonical/redhat enterprise linux
version/redhat enterprise linux/8.0
canonical/redhat enterprise linux aus
version/redhat enterprise linux aus/8.2
version/redhat enterprise linux aus/8.4
version/redhat enterprise linux aus/8.6
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/8.1
version/redhat enterprise linux eus/8.2
version/redhat enterprise linux eus/8.4
version/redhat enterprise linux eus/8.6
canonical/redhat enterprise linux tus
version/redhat enterprise linux tus/8.2
version/redhat enterprise linux tus/8.4
version/redhat enterprise linux tus/8.6
package-manager/redhat
package-manager/debian
package-manager/ubuntu