Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2018:4213-1

Опубликовано: 21 дек. 2018
Источник: suse-cvrf

Описание

Security update for keepalived

This update for keepalived to version 2.0.10 fixes the following issues:

Security issues fixed (bsc#1015141):

  • CVE-2018-19044: Fixed a check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats
  • CVE-2018-19045: Fixed mode when creating new temporary files upon a call to PrintData or PrintStats
  • CVE-2018-19046: Fixed a check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats

Non-security issues fixed:

  • Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)
  • Use getaddrinfo instead of gethostbyname to workaround glibc gethostbyname function buffer overflow (bsc#949238)

For the full list of changes refer to: http://www.keepalived.org/changelog.html

Список пакетов

SUSE Package Hub for SUSE Linux Enterprise 12
keepalived-2.0.10-bp150.3.4.1
SUSE Package Hub for SUSE Linux Enterprise 15
keepalived-2.0.10-bp150.3.4.1

Ссылки

Описание

keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.

Затронутые продукты
SUSE Package Hub for SUSE Linux Enterprise 12:keepalived-2.0.10-bp150.3.4.1
SUSE Package Hub for SUSE Linux Enterprise 15:keepalived-2.0.10-bp150.3.4.1
Ссылки

Описание

keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information.

Затронутые продукты
SUSE Package Hub for SUSE Linux Enterprise 12:keepalived-2.0.10-bp150.3.4.1
SUSE Package Hub for SUSE Linux Enterprise 15:keepalived-2.0.10-bp150.3.4.1
Ссылки

Описание

keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information.

Затронутые продукты
SUSE Package Hub for SUSE Linux Enterprise 12:keepalived-2.0.10-bp150.3.4.1
SUSE Package Hub for SUSE Linux Enterprise 15:keepalived-2.0.10-bp150.3.4.1
Ссылки