ALT-PU-2022-3262-1
Package keepalived updated to version 2.2.7-alt1 for branch sisyphus in task 311041.
Closed vulnerabilities
Published: 2021-11-26
BDU:2023-02653
Vulnerability in the Keepalived network traffic balancing system, related to access control flaws, allowing an attacker to gain access to confidential data and violate its integrity
Severity: MEDIUM (5.4)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Severity: MEDIUM (5.5)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Published: 2021-11-26
Modified: 2024-11-21
CVE-2021-44225
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property.
Severity: MEDIUM (5.5)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Severity: MEDIUM (5.4)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
References:
- https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d
- https://github.com/acassen/keepalived/pull/2063
- https://lists.debian.org/debian-lts-announce/2023/04/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5226RYNMNB7FL4MSJDIBBGPUWH6LMRYV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O2R6EXURJQFPFPYFWRCZLUYVWQCLSZM/