CVE-2018-19045

Published: 08 November 2018

keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
keepalived
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.9)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(1:2.0.10-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(1:2.0.10-1)
Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not present)
Patches:
Upstream: https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067
Upstream: https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6