Описание
Security update for keepalived
This update for keepalived fixes the following issues:
- CVE-2021-44225: Fix a potential privilege escalation due to insufficient control in the D-Bus policy (bsc#1193115).
Список пакетов
Container ses/7.1/ceph/keepalived:latest
keepalived-2.0.19-150100.3.6.1
SUSE Linux Enterprise High Availability Extension 15 SP1
keepalived-2.0.19-150100.3.6.1
SUSE Linux Enterprise High Availability Extension 15 SP2
keepalived-2.0.19-150100.3.6.1
SUSE Linux Enterprise High Availability Extension 15 SP3
keepalived-2.0.19-150100.3.6.1
openSUSE Leap 15.3
keepalived-2.0.19-150100.3.6.1
Ссылки
- Link for SUSE-SU-2022:2923-1
- E-Mail link for SUSE-SU-2022:2923-1
- SUSE Security Ratings
- SUSE Bug 1193115
- SUSE CVE CVE-2021-44225 page
Описание
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property
Затронутые продукты
Container ses/7.1/ceph/keepalived:latest:keepalived-2.0.19-150100.3.6.1
SUSE Linux Enterprise High Availability Extension 15 SP1:keepalived-2.0.19-150100.3.6.1
SUSE Linux Enterprise High Availability Extension 15 SP2:keepalived-2.0.19-150100.3.6.1
SUSE Linux Enterprise High Availability Extension 15 SP3:keepalived-2.0.19-150100.3.6.1
Ссылки
- CVE-2021-44225
- SUSE Bug 1193115