ALT-PU-2018-2627-1
Package keepalived updated to version 2.0.9-alt1 for branch sisyphus in task 216388.
Closed vulnerabilities
BDU:2020-05642
Уязвимость реализации вызовов PrintData или PrintStats системы балансировки сетевого трафика Keepalived, позволяющая нарушителю получить доступ к защищаемой информации
BDU:2020-05693
Уязвимость реализации вызовов PrintData или PrintStats системы балансировки сетевого трафика Keepalived, позволяющая нарушителю перезаписывать произвольные файлы
BDU:2020-05694
Уязвимость реализации вызовов PrintData или PrintStats системы балансировки сетевого трафика Keepalived, позволяющая нарушителю получить доступ к защищаемой информации
Modified: 2024-11-21
CVE-2018-19044
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.
- RHSA-2019:2285
- RHSA-2019:2285
- https://bugzilla.suse.com/show_bug.cgi?id=1015141
- https://bugzilla.suse.com/show_bug.cgi?id=1015141
- https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306
- https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306
- https://github.com/acassen/keepalived/issues/1048
- https://github.com/acassen/keepalived/issues/1048
- GLSA-201903-01
- GLSA-201903-01
Modified: 2024-11-21
CVE-2018-19045
keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information.
- https://bugzilla.suse.com/show_bug.cgi?id=1015141
- https://bugzilla.suse.com/show_bug.cgi?id=1015141
- https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6
- https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6
- https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067
- https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067
- https://github.com/acassen/keepalived/issues/1048
- https://github.com/acassen/keepalived/issues/1048
- GLSA-201903-01
- GLSA-201903-01
Modified: 2024-11-21
CVE-2018-19046
keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information.