| Summary: | keepalived new security issue CVE-2021-44225 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, mageia, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | keepalived-2.2.3-2.mga9.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2021-12-14 22:33:55 CET
David Walser
2021-12-14 22:34:13 CET
Whiteboard: (none) => MGA8TOO

fixed in mga8/9

src:
- keepalived-2.1.5-2.1.mga8

Whiteboard: MGA8TOO => (none)

Cauldron still needs to be updated to 2.2.4 as well.

Build failed in Mageia 8:
http://pkgsubmit.mageia.org/uploads/failure/8/core/updates_testing/20211214222526.neoclust.duvel.3199374/log/keepalived-2.1.5-2.1.mga8/build.x86_64.0.20211214222554.log

Assignee: qa-bugs => mageia

new version pushed in mga8:

src:
- keepalived-2.2.3-3.mga8

Assignee: mageia => qa-bugs

RPM and SRPM:
keepalived-2.2.3-3.mga8

2.2.4 pushed to Cauldron. If we're updating Mageia 8 from 2.1.5 to 2.2.x, we should update that to 2.2.4 as well.

keepalived-2.2.4-1.mga8 also pushed to the build system.

References for the 2.2.x updates:
https://www.keepalived.org/release-notes/Release-2.2.0.html
https://www.keepalived.org/release-notes/Release-2.2.1.html
https://www.keepalived.org/release-notes/Release-2.2.2.html
https://www.keepalived.org/release-notes/Release-2.2.3.html
https://www.keepalived.org/release-notes/Release-2.2.4.html

Referenced Bug 24063 for information, where I see that keepalived is described as a "big thing to drive," and was OKed based on a clean install and a check of the service status.

There were no installation issues with this update.

```
[root@localhost ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
     Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
     Active: inactive (dead)
       Docs: man:keepalived(8)
             man:keepalived.conf(5)
             man:genhash(1)
             https://keepalived.org

Dec 15 13:08:45 localhost Keepalived[14953]: pid 14955 exited with permanent error CONFIG. Terminating
Dec 15 13:08:45 localhost Keepalived[14953]: CPU usage (self/children) user: 0.005125/0.001018 system: 0.000000/0.000000
Dec 15 13:08:45 localhost Keepalived[14953]: Stopped Keepalived v2.2.4 (08/21,2021)
Dec 15 13:08:45 localhost Keepalived_healthcheckers[14954]: Shutting down service [192.168.201.100]:tcp:443 from VS [192.168.200.100]:tcp:443
Dec 15 13:08:45 localhost Keepalived_healthcheckers[14954]: Shutting down service [192.168.200.2]:tcp:1358 from VS [10.10.10.2]:tcp:1358
Dec 15 13:08:45 localhost Keepalived_healthcheckers[14954]: Shutting down service [192.168.200.3]:tcp:1358 from VS [10.10.10.2]:tcp:1358
Dec 15 13:08:45 localhost Keepalived_healthcheckers[14954]: Shutting down service [192.168.200.4]:tcp:1358 from VS [10.10.10.3]:tcp:1358
Dec 15 13:08:45 localhost Keepalived_healthcheckers[14954]: Shutting down service [192.168.200.5]:tcp:1358 from VS [10.10.10.3]:tcp:1358
Dec 15 13:08:45 localhost Keepalived_healthcheckers[14954]: Stopped - used 0.001702 user time, 0.000000 system time
Dec 15 13:08:45 localhost systemd[1]: keepalived.service: Succeeded.
```

It looks to me like the service tried to start, but was then shut down due to a CONFIG error. Since I didn't do anything configuration-wise, I believe it is working as expected, within what I can test.

Giving it an OK, and validating.

Whiteboard: (none) => MGA8-64-OK

Thomas Backlund
2021-12-19 12:26:07 CET
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0567.html

Resolution: (none) => FIXED