Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="9303">
  <issue tracker="bnc" id="1015141">VUL-0: CVE-2018-19044,CVE-2018-19045,CVE-2018-19046, CVE-2018-19115: keepalived: dbus support in keepalived</issue>
  <issue tracker="bnc" id="1069468">Packages should no longer use /var/adm/fillup-templates</issue>
  <issue tracker="bnc" id="949238">VUL-1: keepalived: gethostbyname issue</issue>
  <issue tracker="cve" id="2018-19046"/>
  <issue tracker="cve" id="2018-19044"/>
  <issue tracker="cve" id="2018-19045"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>computersalat</packager>
  <description>This update for keepalived to version 2.0.10 fixes the following issues:

Security issues fixed (bsc#1015141):

- CVE-2018-19044: Fixed a check for pathnames with symlinks when writing data
  to a temporary file upon a call to PrintData or PrintStats
- CVE-2018-19045: Fixed mode when creating new temporary files upon a call to
  PrintData or PrintStats
- CVE-2018-19046: Fixed a check for existing plain files when writing data to
  a temporary file upon a call to PrintData or PrintStats

Non-security issues fixed:

- Replace references to /var/adm/fillup-templates with new %_fillupdir
  macro (boo#1069468)
- Use getaddrinfo instead of gethostbyname to workaround glibc gethostbyname
  function buffer overflow (bsc#949238)

For the full list of changes refer to: http://www.keepalived.org/changelog.html
</description>
  <summary>Security update for keepalived</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places