{"id":"MGASA-2021-0567","summary":"Updated keepalived packages fix security vulnerability","details":"In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict\nthe message destination, allowing any user to inspect and manipulate any\nproperty. This leads to access-control bypass in some situations in which\nan unrelated D-Bus system service has a settable (writable) property\n(CVE-2021-44225).\n","modified":"2026-02-01T22:37:48.564390Z","published":"2021-12-19T12:26:08Z","related":["CVE-2021-44225"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0567.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29769"},{"type":"REPORT","url":"https://www.keepalived.org/release-notes/Release-2.2.0.html"},{"type":"REPORT","url":"https://www.keepalived.org/release-notes/Release-2.2.1.html"},{"type":"REPORT","url":"https://www.keepalived.org/release-notes/Release-2.2.2.html"},{"type":"REPORT","url":"https://www.keepalived.org/release-notes/Release-2.2.3.html"},{"type":"REPORT","url":"https://www.keepalived.org/release-notes/Release-2.2.4.html"}],"affected":[{"package":{"name":"keepalived","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/keepalived?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.4-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0567.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}