type: security
subject: Updated keepalived package fixes security vulnerabilities
CVE:
 - CVE-2018-19044
 - CVE-2018-19045
 - CVE-2018-19046
 - CVE-2018-19115
src:
  6:
   core:
     - keepalived-2.0.10-1.mga6
description: |
  keepalived before version 2.0.9 didn't check for pathnames with symlinks
  when writing data to a temporary file upon a call to PrintData or
  PrintStats. This allowed local users to overwrite arbitrary files if
  fs.protected_symlinks is set to 0, as demonstrated by a symlink from
  /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd
  (CVE-2018-19044).

  keepalived before version 2.0.9 used mode 0666 when creating new
  temporary files upon a call to PrintData or PrintStats, potentially
  leaking sensitive information (CVE-2018-19045).

  keepalived before version 2.0.10 didn't check for existing plain files
  when writing data to a temporary file upon a call to PrintData or
  PrintStats. If a local attacker had previously created a file with the
  expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats),
  with read access for the attacker and write access for the keepalived
  process, then this potentially leaked sensitive information
  (CVE-2018-19046).

  keepalived before version 2.0.9 has a heap-based buffer overflow when
  parsing HTTP status codes resulting in DoS or possibly unspecified other
  impact, because extract_status_code in lib/html.c has no validation of
  the status code and instead writes an unlimited amount of data to the
  heap (CVE-2018-19115).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24063
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6YQ7NS6S7B7V2X5NEUJKMTNXL3YPD7H3/
ID: MGASA-2018-0494