Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

openSUSE: 2018:4213-1 Moderate: keepalived Security Update

opensuse
Calendar Grey December 21, 2018
Dist Opensuse Esm H88
openSUSE Security Patch for keepalived addresses several vulnerabilities, enhancing the reliability and safety of your environments.
An update that fixes three vulnerabilities is now available

Description

This update for keepalived to version 2.0.10 fixes the following issues:

Security issues fixed (bsc#1015141):

- CVE-2018-19044: Fixed a check for pathnames with symlinks when writing

data to a temporary file upon a call to PrintData or PrintStats

- CVE-2018-19045: Fixed mode when creating new temporary files upon a call

to PrintData or PrintStats

- CVE-2018-19046: Fixed a check for existing plain files when writing data

to a temporary file upon a call to PrintData or PrintStats

Non-security issues fixed:

- Replace references to /var/adm/fillup-templates with new %_fillupdir

macro (boo#1069468)

- Use getaddrinfo instead of gethostbyname to workaround glibc

gethostbyname function buffer overflow (bsc#949238)

For the full list of changes refer to:

https://www.keepalived.org/changelog.html

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2018-1575=1

Package List

- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):

keepalived-2.0.10-6.1

References

https://www.suse.com/security/cve/CVE-2018-19044.html

https://www.suse.com/security/cve/CVE-2018-19045.html

https://www.suse.com/security/cve/CVE-2018-19046.html

https://bugzilla.suse.com/1015141

https://bugzilla.suse.com/1069468

https://bugzilla.suse.com/949238

--

Announcement ID: openSUSE-SU-2018:4213-1
Rating: moderate
Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here