[Debian-ha-maintainers] Bug#974563: corosync unable to communicate with pacemaker 1.1.16-1+deb9u1 which contains the fix for CVE-2020-25654
Alejandro Taboada
alejandro.taboada at altipeak.com
Fri Nov 13 02:20:34 GMT 2020
Hi Markus,
I tested the update version 1.1.16-1+deb9u1.2 and still no luck.
Regards,
Alejandro
> On 12 Nov 2020, at 20:57, Markus Koschany <apo at debian.org> wrote:
>
> Hi,
>
> Am Donnerstag, den 12.11.2020, 18:21 +0100 schrieb Pallai Roland:
>> Hi Markus,
>>
>> The problem is still the same here:
>
> Thanks for your debug log. I have looked at every line of code again and
> compared the original upstream patch from here
>
>
> https://bugzilla.redhat.com/attachment.cgi?id=1722701
>
> with the released fix from here
>
> https://github.com/ClusterLabs/pacemaker/pull/2210/commits/7babd406e7195fcce57850a8589b06e095642c33
>
> There is only one thing that stands out, in fencing/commands.c
>
> if client = NULL, then they assume now it is a peer and this is always allowed
> to interact. For me it is the only explanation at the moment why you still see
>
> Rejecting IPC request 'lrmd_rsc_info' from unprivileged client crmd
>
> If you take a closer look at the patch then the allowed variable must be true
> in lrmd/lrmd.c but in your case it is (incorrectly) false. Since crmd is part
> of pacemaker it should not be rejected. Please try the new version at
>
> https://people.debian.org/~apo/lts/pacemaker/
>
> and report back if that addresses the problem.
>
> Thanks,
>
> Markus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-ha-maintainers/attachments/20201112/4b19e192/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PastedGraphic-1.png
Type: image/png
Size: 194583 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-ha-maintainers/attachments/20201112/4b19e192/attachment-0001.png>
More information about the Debian-ha-maintainers
mailing list