Security update for keepalived (moderate)

2018-12-2112:09:48

lists.opensuse.org

0.004 Low

EPSS

Percentile

72.2%

JSON

This update for keepalived to version 2.0.10 fixes the following issues:

Security issues fixed (bsc#1015141):

CVE-2018-19044: Fixed a check for pathnames with symlinks when writing
data to a temporary file upon a call to PrintData or PrintStats
CVE-2018-19045: Fixed mode when creating new temporary files upon a call
to PrintData or PrintStats
CVE-2018-19046: Fixed a check for existing plain files when writing data
to a temporary file upon a call to PrintData or PrintStats

Non-security issues fixed:

Replace references to /var/adm/fillup-templates with new %_fillupdir
macro (boo#1069468)
Use getaddrinfo instead of gethostbyname to workaround glibc
gethostbyname function buffer overflow (bsc#949238)

For the full list of changes refer to:
<a href=“http://www.keepalived.org/changelog.html”>http://www.keepalived.org/changelog.html</a>

OSVersionArchitecturePackageVersionFilename
SUSE Package Hub for SUSE Linux Enterprise12x86_64keepalived< 2.0.10-6.1keepalived-2.0.10-6.1.x86_64.rpm
SUSE Package Hub for SUSE Linux Enterprise12aarch64keepalived< 2.0.10-6.1keepalived-2.0.10-6.1.aarch64.rpm
SUSE Package Hub for SUSE Linux Enterprise12ppc64lekeepalived< 2.0.10-6.1keepalived-2.0.10-6.1.ppc64le.rpm
SUSE Package Hub for SUSE Linux Enterprise12s390xkeepalived< 2.0.10-6.1keepalived-2.0.10-6.1.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Package Hub for SUSE Linux Enterprise	12	x86_64	keepalived	< 2.0.10-6.1	keepalived-2.0.10-6.1.x86_64.rpm
SUSE Package Hub for SUSE Linux Enterprise	12	aarch64	keepalived	< 2.0.10-6.1	keepalived-2.0.10-6.1.aarch64.rpm
SUSE Package Hub for SUSE Linux Enterprise	12	ppc64le	keepalived	< 2.0.10-6.1	keepalived-2.0.10-6.1.ppc64le.rpm
SUSE Package Hub for SUSE Linux Enterprise	12	s390x	keepalived	< 2.0.10-6.1	keepalived-2.0.10-6.1.s390x.rpm