You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa keepalived

Sigurnosni nedostaci programskog paketa keepalived

openSUSE Security Update: Security update for keepalived
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:4213-1
Rating: moderate
References: #1015141 #1069468 #949238
Cross-References: CVE-2018-19044 CVE-2018-19045 CVE-2018-19046

Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for keepalived to version 2.0.10 fixes the following issues:

Security issues fixed (bsc#1015141):

– CVE-2018-19044: Fixed a check for pathnames with symlinks when writing
data to a temporary file upon a call to PrintData or PrintStats
– CVE-2018-19045: Fixed mode when creating new temporary files upon a call
to PrintData or PrintStats
– CVE-2018-19046: Fixed a check for existing plain files when writing data
to a temporary file upon a call to PrintData or PrintStats

Non-security issues fixed:

– Replace references to /var/adm/fillup-templates with new %_fillupdir
macro (boo#1069468)
– Use getaddrinfo instead of gethostbyname to workaround glibc
gethostbyname function buffer overflow (bsc#949238)

For the full list of changes refer to:
http://www.keepalived.org/changelog.html

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2018-1575=1

Package List:

– SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):

keepalived-2.0.10-6.1

References:

https://www.suse.com/security/cve/CVE-2018-19044.html
https://www.suse.com/security/cve/CVE-2018-19045.html
https://www.suse.com/security/cve/CVE-2018-19046.html
https://bugzilla.suse.com/1015141
https://bugzilla.suse.com/1069468
https://bugzilla.suse.com/949238


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

openSUSE Security Update: Security update for keepalived
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:4212-1
Rating: moderate
References: #1015141 #1069468 #949238
Cross-References: CVE-2018-19044 CVE-2018-19045 CVE-2018-19046

Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
openSUSE Backports SLE-15
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for keepalived to version 2.0.10 fixes the following issues:

Security issues fixed (bsc#1015141):

– CVE-2018-19044: Fixed a check for pathnames with symlinks when writing
data to a temporary file upon a call to PrintData or PrintStats
– CVE-2018-19045: Fixed mode when creating new temporary files upon a call
to PrintData or PrintStats
– CVE-2018-19046: Fixed a check for existing plain files when writing data
to a temporary file upon a call to PrintData or PrintStats

Non-security issues fixed:

– Replace references to /var/adm/fillup-templates with new %_fillupdir
macro (boo#1069468)
– Use getaddrinfo instead of gethostbyname to workaround glibc
gethostbyname function buffer overflow (bsc#949238)

For the full list of changes refer to:
http://www.keepalived.org/changelog.html

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1575=1

– openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1575=1

– openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2018-1575=1

Package List:

– openSUSE Leap 42.3 (x86_64):

keepalived-2.0.10-7.3.1
keepalived-debuginfo-2.0.10-7.3.1
keepalived-debugsource-2.0.10-7.3.1

– openSUSE Leap 15.0 (x86_64):

keepalived-2.0.10-lp150.3.4.1
keepalived-debuginfo-2.0.10-lp150.3.4.1
keepalived-debugsource-2.0.10-lp150.3.4.1

– openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):

keepalived-2.0.10-bp150.3.4.1

References:

https://www.suse.com/security/cve/CVE-2018-19044.html
https://www.suse.com/security/cve/CVE-2018-19045.html
https://www.suse.com/security/cve/CVE-2018-19046.html
https://bugzilla.suse.com/1015141
https://bugzilla.suse.com/1069468
https://bugzilla.suse.com/949238


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja, izvršavanje proizvoljnog programskog koda...

Close