
Security vulnerabilities in the keepalived software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2018-12-11 02:42:14.381642

Name : keepalived
Product : Fedora 29
Version : 2.0.10
Release : 1.fc29
Summary : High Availability monitor built upon LVS, VRRP and service pollers
Description :
Keepalived provides simple and robust facilities for load balancing
and high availability to Linux system and Linux based infrastructures.
The load balancing framework relies on well-known and widely used
Linux Virtual Server (IPVS) kernel module providing Layer4 load
balancing. Keepalived implements a set of checkers to dynamically and
adaptively maintain and manage load-balanced server pool according
to their health. High availability is achieved by VRRP protocol. VRRP is
a fundamental brick for router failover. In addition, keepalived
implements a set of hooks to the VRRP finite state machine providing
low-level and high-speed protocol interactions. Keepalived frameworks
can be used independently or all together to provide resilient

Update Information:

Security fix for CVE-2018-19044, CVE-2018-19045, CVE-2018-19046, CVE-2018-19115

* Mon Nov 26 2018 Ryan O’Hara <> – 2.0.10-1
– Update to 2.0.10
– Fix improper pathname validation (#1651864, CVE-2018-19044)
– Fix insecure permissions when creating temporary files (#1651868, CVE-2018-19045)
– Fix insecure use of temporary files (#1651870, CVE-2018-19046)
– Fix buffer overflow when parsing HTTP status codes (#1651873, CVE-2018-19047)

[ 1 ] Bug #1651863 – CVE-2018-19044 keepalived: Improper pathname validation allows for overwrite of arbitrary filenames via symlinks
[ 2 ] Bug #1651866 – CVE-2018-19045 keepalived: Insecure permissions when creating new temporary files allows for leaking of sensitive data
[ 3 ] Bug #1651869 – CVE-2018-19046 keepalived: Insecure use of temporary files allows attackers read sensitive information from pre-existing files
[ 4 ] Bug #1651871 – CVE-2018-19115 keepalived: Heap-based buffer overflow when parsing HTTP status codes allows for denial of service or possibly arbitrary code execution
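
Bugs 1 to 3 above are file-creation flaws: following a planted symlink, leaving permissions to the umask, and reusing a pre-existing file. The C example below is added here to contrast that weak pattern with a hardened one; it is not taken from keepalived's source or its patch, and the function names and paths are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: follows a symlink planted at `path`, truncates whatever it
 * points to, and leaves the new file's mode to the caller's umask. */
int create_weak(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Hardened pattern: O_EXCL refuses any pre-existing name, O_NOFOLLOW refuses
 * a symlink as the last path component, fchmod() pins the mode to 0600. */
int create_safe(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;                       /* errno: EEXIST (or ELOOP) */
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

int main(void)
{
    char dir[] = "/tmp/tmpfile-demo-XXXXXX";   /* constructed scratch directory */
    char victim[128], trap[128];
    if (!mkdtemp(dir)) { perror("mkdtemp"); return 1; }
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(trap, sizeof trap, "%s/dump", dir);
    FILE *f = fopen(victim, "w");              /* stands in for a sensitive file */
    if (!f) return 1;
    fputs("sensitive", f);
    fclose(f);
    if (symlink(victim, trap) != 0) { perror("symlink"); return 1; }
    int fd = create_safe(trap);
    printf("create_safe on planted symlink: %s\n", fd < 0 ? strerror(errno) : "opened");
    if (fd >= 0) close(fd);
    return 0;
}
```
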

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-3fbc181b3e' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at

Author: Josip Papratovic
Cert ID: NCERT-REF-2018-12-0001-ADV