Candidate: CVE-2018-19045
PublicDate: 2018-11-08 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19045
Description:
 keepalived 2.0.8 used mode 0666 when creating new temporary files upon a
 call to PrintData or PrintStats, potentially leaking sensitive information.
Ubuntu-Description:
Notes:
 mdeslaur> xenial and earlier don't have dbus support
Bugs:
 https://bugzilla.suse.com/show_bug.cgi?id=1015141
 https://github.com/acassen/keepalived/issues/1048
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]


Patches_keepalived:
 upstream: https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067
 upstream: https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6
upstream_keepalived: released (2.0.9)
precise/esm_keepalived: not-affected (code not present)
trusty_keepalived: not-affected (code not present)
trusty/esm_keepalived: not-affected (code not present)
xenial_keepalived: not-affected (code not present)
esm-infra/xenial_keepalived: not-affected (code not present)
bionic_keepalived: needed
cosmic_keepalived: ignored (reached end-of-life)
disco_keepalived: not-affected (1:2.0.10-1)
eoan_keepalived: not-affected (1:2.0.10-1)
focal_keepalived: not-affected (1:2.0.10-1)
groovy_keepalived: not-affected (1:2.0.10-1)
hirsute_keepalived: not-affected (1:2.0.10-1)
impish_keepalived: not-affected (1:2.0.10-1)
jammy_keepalived: not-affected (1:2.0.10-1)
devel_keepalived: not-affected (1:2.0.10-1)