SUSE Package Hub - openSUSE-2019-1008

Update Info

openSUSE-2019-1008

Security update for keepalived

Type: security

Severity: moderate

Issued: 2019-03-23

Description:

This update for keepalived to version 2.0.10 fixes the following issues:

Security issues fixed (bsc#1015141):

- CVE-2018-19044: Fixed a check for pathnames with symlinks when writing data
  to a temporary file upon a call to PrintData or PrintStats
- CVE-2018-19045: Fixed mode when creating new temporary files upon a call to
  PrintData or PrintStats
- CVE-2018-19046: Fixed a check for existing plain files when writing data to
  a temporary file upon a call to PrintData or PrintStats

Non-security issues fixed:

- Replace references to /var/adm/fillup-templates with new %_fillupdir
  macro (boo#1069468)
- Use getaddrinfo instead of gethostbyname to workaround glibc gethostbyname
  function buffer overflow (bsc#949238)

For the full list of changes refer to: http://www.keepalived.org/changelog.html

References

CVE: CVE-2018-19046
CVE: CVE-2018-19045
CVE: CVE-2018-19044
Bugzilla: 949238 VUL-1: keepalived: gethostbyname issue
Bugzilla: 1069468 Packages should no longer use /var/adm/fillup-templates
Bugzilla: 1015141 VUL-0: CVE-2018-19044,CVE-2018-19045,CVE-2018-19046, CVE-2018-19115: keepalived: dbus support in keepalived

Packages

keepalived-2.0.10-bp150.3.4.1