[3.8] keepalived: Multiple vulnerabilities (CVE-2018-19044, CVE-2018-19045, CVE-2018-19046)
ID: oval:org.secpod.oval:def:1801278 | Date: (C)2019-01-16 (M)2021-11-09 |
Class: PATCH | Family: unix |
CVE-2018-19044: keepalived before version 2.0.9 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.
Fixed In Version: keepalived 2.0.9
Platform: |
Alpine Linux 3.8 |