
Contents of /24063.adv



Revision 8101
Sat Dec 29 22:57:27 2018 UTC (5 years, 3 months ago) by tmb
File size: 1751 byte(s)
MGASA-2018-0494: keepalived-2.0.10-1.mga6
type: security
subject: Updated keepalived package fixes security vulnerabilities
CVE:
 - CVE-2018-19044
 - CVE-2018-19045
 - CVE-2018-19046
 - CVE-2018-19115
src:
  6:
   core:
     - keepalived-2.0.10-1.mga6
description: |
  keepalived before version 2.0.9 didn't check for pathnames with symlinks
  when writing data to a temporary file upon a call to PrintData or
  PrintStats. This allowed local users to overwrite arbitrary files if
  fs.protected_symlinks is set to 0, as demonstrated by a symlink from
  /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd
  (CVE-2018-19044).

  keepalived before version 2.0.9 used mode 0666 when creating new
  temporary files upon a call to PrintData or PrintStats, potentially
  leaking sensitive information (CVE-2018-19045).

  keepalived before version 2.0.10 didn't check for existing plain files
  when writing data to a temporary file upon a call to PrintData or
  PrintStats. If a local attacker had previously created a file with the
  expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats),
  with read access for the attacker and write access for the keepalived
  process, then this potentially leaked sensitive information
  (CVE-2018-19046).

  keepalived before version 2.0.9 has a heap-based buffer overflow when
  parsing HTTP status codes resulting in DoS or possibly unspecified other
  impact, because extract_status_code in lib/html.c has no validation of
  the status code and instead writes an unlimited amount of data to the
  heap (CVE-2018-19115).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24063
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6YQ7NS6S7B7V2X5NEUJKMTNXL3YPD7H3/
ID: MGASA-2018-0494
