First published: Mon Apr 01 2019
A use-after-free defect was discovered in pacemaker that can possibly lead to unsolicited information disclosure in the log outputs.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Clusterlabs Pacemaker | <=2.0.1 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Canonical Ubuntu Linux | =19.04 | |
Fedoraproject Fedora | =30 | |
redhat/pacemaker | <2.0.2 | 2.0.2 |
debian/pacemaker | 2.0.5-2 2.1.5-1+deb12u1 2.1.8-1 | |
CVE-2019-3885 is a use-after-free vulnerability found in pacemaker up to and including version 2.0.1.
The severity of CVE-2019-3885 is high with a CVSS score of 7.5.
CVE-2019-3885 could result in certain sensitive information being leaked via the system logs in pacemaker.
Pacemaker versions up to and including 2.0.1 are affected by CVE-2019-3885.
To fix CVE-2019-3885, upgrade pacemaker to version 2.0.2 or later.