Package name: keepalived
Date: 2013-04-10
Advisory ID: MDVSA-2013:096
Affected versions: MBS1 x86_64

Problem description

Updated keepalived package fixes security vulnerability:

The pidfile_write function in core/pidfile.c in keepalived 1.2.2
and earlier uses 0666 permissions for the (1) keepalived.pid, (2)
checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local
users to kill arbitrary processes by writing a PID to one of these
files (CVE-2011-1784).

A security issue caused by calling syslog from inside signal handlers
has also been fixed.

Finally, keepalived was failing to load the ip_vs kernel module
because of an incorrect modprobe option. This has also been corrected.
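
The pidfile permission issue (CVE-2011-1784) described above, as an added C example that is not keepalived's code or the packaged patch: a pidfile writer that inherits mode 0666 beside one that creates the file with 0644. The function names, the scratch path under /tmp and the umask 0 setting are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: fopen("w") creates the file with mode 0666 & ~umask, so a
 * process running with umask 0 leaves a world-writable pidfile. */
static int pidfile_write_weak(const char *path, long pid)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fprintf(f, "%ld\n", pid);
    return fclose(f) == 0 ? 0 : -1;
}

/* Hardened pattern: create the file explicitly with 0644, fail if it already
 * exists (O_EXCL) or is a symlink (O_NOFOLLOW), and pin the mode with fchmod. */
static int pidfile_write_hardened(const char *path, long pid)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;
    int ok = fchmod(fd, 0644) == 0 && dprintf(fd, "%ld\n", pid) > 0;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Writes a pidfile under umask 0 (assumed setting) in a private scratch
 * directory and returns the file's permission bits, or -1 on failure. */
int resulting_mode(int hardened)
{
    char dir[] = "/tmp/pidfile-demo-XXXXXX", path[64];
    struct stat st;
    int mode = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/demo.pid", dir);
    mode_t old = umask(0);
    int rc = (hardened ? pidfile_write_hardened : pidfile_write_weak)(path, (long)getpid());
    if (rc == 0 && stat(path, &st) == 0)
        mode = (int)(st.st_mode & 0777);
    umask(old);
    unlink(path);
    rmdir(dir);
    return mode;
}

int main(void)
{
    printf("weak: %04o  hardened: %04o\n",
           (unsigned)resulting_mode(0), (unsigned)resulting_mode(1));
    return 0;
}
```

Any set group-write or other-write bit on a pidfile under /var/run/ is worth flagging in a host audit, since init scripts typically read the PID from that file and signal it as root.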

Updated packages

MBS1 x86_64

 43f8ed4c37d9fe36333144910b156756  mbs1/x86_64/keepalived-1.2.2-2.1.mbs1.x86_64.rpm 
 469ea55f6172a4bd36202dcd33203765  mbs1/SRPMS/keepalived-1.2.2-2.1.mbs1.src.rpm
