Описание
Security update for keepalived
This update for keepalived fixes the following issues:
- CVE-2021-44225: Fix a potential privilege escalation due to insufficient control in the D-Bus policy (bsc#1193115).
Bugfixes:
- Set ProtectKernelModules to false in service file (bsc#1202808).
Список пакетов
SUSE Linux Enterprise High Availability Extension 15 SP4
keepalived-2.2.2-150400.3.5.1
openSUSE Leap 15.4
keepalived-2.2.2-150400.3.5.1
Ссылки
- Link for SUSE-SU-2022:3232-1
- E-Mail link for SUSE-SU-2022:3232-1
- SUSE Security Ratings
- SUSE Bug 1193115
- SUSE Bug 1202808
- SUSE CVE CVE-2021-44225 page
Описание
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property
Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15 SP4:keepalived-2.2.2-150400.3.5.1
openSUSE Leap 15.4:keepalived-2.2.2-150400.3.5.1
Ссылки
- CVE-2021-44225
- SUSE Bug 1193115