ALAS2022-2022-038

Amazon Linux 2022 Security Advisory: ALAS-2022-038
Advisory Release Date: 2022-03-07 23:58 Pacific
Advisory Updated Date: 2022-03-08 17:49 Pacific

Severity: Medium

References: CVE-2021-44225
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A flaw was found in keepalived, where an improper authentication vulnerability allows an unprivileged user to change properties that could lead to an access-control bypass. (CVE-2021-44225)

Affected Packages:

keepalived

Issue Correction:
Run dnf update --releasever=2022.0.20220308 keepalived to update your system.

New Packages:

aarch64:
    keepalived-debuginfo-2.2.4-2.amzn2022.aarch64
    keepalived-2.2.4-2.amzn2022.aarch64
    keepalived-debugsource-2.2.4-2.amzn2022.aarch64

src:
    keepalived-2.2.4-2.amzn2022.src

x86_64:
    keepalived-debuginfo-2.2.4-2.amzn2022.x86_64
    keepalived-debugsource-2.2.4-2.amzn2022.x86_64
    keepalived-2.2.4-2.amzn2022.x86_64

Additional References

Red Hat: CVE-2021-44225

Mitre: CVE-2021-44225

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2022-2022-038

Additional References