MGASA-2021-0567 - Updated keepalived packages fix security vulnerability Publication date: 19 Dec 2021 URL: https://advisories.mageia.org/MGASA-2021-0567.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-44225 In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property (CVE-2021-44225). References: - https://bugs.mageia.org/show_bug.cgi?id=29769 - https://www.keepalived.org/release-notes/Release-2.2.0.html - https://www.keepalived.org/release-notes/Release-2.2.1.html - https://www.keepalived.org/release-notes/Release-2.2.2.html - https://www.keepalived.org/release-notes/Release-2.2.3.html - https://www.keepalived.org/release-notes/Release-2.2.4.html - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44225 SRPMS: - 8/core/keepalived-2.2.4-1.mga8