|| ||Mageia Updates <firstname.lastname@example.org> |
|| ||email@example.com |
|| ||[updates-announce] MGASA-2012-0188: keepalived-1.2.2-0.4.mga1
(1/core), keepalived-1.2.2-1.2.mga2 (2/core) |
|| ||Thu, 2 Aug 2012 20:21:20 +0200|
|| ||Article, Thread
Date: August 2nd, 2012
Affected releases: 1, 2
Updated keepalived package fixes security vulnerability:
The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and
earlier uses 0666 permissions for the (1) keepalived.pid,
(2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows
local users to kill arbitrary processes by writing a PID to one of
these files (CVE-2011-1784).
A security issue due to syslog being used inside of sighandlers has
also been fixed.
Finally, keepalived was failing to load the ip_vs kernel module
because of an incorrect modprobe option. This has also been corrected.
to post comments)