You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa keepalived

Sigurnosni nedostatak programskog paketa keepalived

==========================================================================
Ubuntu Security Notice USN-3995-1
May 28, 2019

keepalived vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Keepalived could be made to crash or run programs if it received
specially crafted network traffic.

Software Description:
– keepalived: Failover and monitoring daemon for LVS clusters

Details:

It was discovered that Keepalived incorrectly handled certain HTTP status
response codes. A remote attacker could use this issue to cause Keepalived
to crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
keepalived 1:1.3.9-1ubuntu1.1

Ubuntu 18.04 LTS:
keepalived 1:1.3.9-1ubuntu0.18.04.2

Ubuntu 16.04 LTS:
keepalived 1:1.2.24-1ubuntu0.16.04.2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3995-1
CVE-2018-19115

Package Information:
https://launchpad.net/ubuntu/+source/keepalived/1:1.3.9-1ubuntu1.1
https://launchpad.net/ubuntu/+source/keepalived/1:1.3.9-1ubuntu0.18.04.2
https://launchpad.net/ubuntu/+source/keepalived/1:1.2.24-1ubuntu0.16.04.2

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlztPQoACgkQZWnYVadE
vpOskRAAswMwL0sl8zNIB03Q5TfGOYNaMzIaOzvW+m2QSAYhKuF4ZlXQI6LBUCaw
1hANyQdXbDzTEL8cRHJfBN7fK47k85ygf/yYUTmC1KOY+lur4si2l6w/TjbOJ9rO
gfA11zr4KM5JQUhX6PFM7hKrrCMOnf2y0w0gbe0Jcz661urx2SG8GpPcm83kYBfi
ZrfgEIvcgHTTiy9x0KZ06E8YSWS8oI/h7FV7rquneflyLqoiMid8jR3GXuIHneAW
6vR6iRtyiN54+U//3IJJpUX9be0pGGsLJ9tLl3pc142aNy3g0alsQ/MvIgjYMrVG
7o963OztlrOvQDwIaH3u5LuaOrUKy/7kYFQO10D8CBovyaFPMeNgmNSXgou4iWBt
PmKnJBcIj1HoMxxc9yArZDEvvGD11kdZb1dZ0qBd6gPcjKqWaAity4VwwvhUhlCW
/bjVXYCmQRuO8x0sWV6yYS1xm4uey+nbh/8WpbanZKK9vFUYTIUZH3bvAH6ahTgC
XOSe+mdMQrPiC9aH3jlblzxVcTzbiC2wLr3lV8N4qi3YBcqxCtXmEvIUQG3LivoJ
6X5CVgYae8IN5G7KonRlxnbM7PhVEBnaNutuKrfSY+Dte8zZ52O8zYhF+yw4B7fG
bzO1Rq1996wVi6laxpiDCW/gdgeTQ+fTp6UPHkPw7uIMGVjvMdE=
=4QoV
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3995-2
May 28, 2019

keepalived vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

Keepalived could be made to crash or run programs if it received
specially crafted network traffic.

Software Description:
– keepalived: Failover and monitoring daemon for LVS clusters

Details:

USN-3995-1 fixed a vulnerability in keepalived. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

 It was discovered that Keepalived incorrectly handled certain HTTP
 status response codes. A remote attacker could use this issue to cause
 Keepalived to crash, resulting in a denial of service, or possibly
 execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  keepalived                      1:1.2.7-1ubuntu1+esm1

Ubuntu 12.04 ESM:
  keepalived                      1:1.2.2-3ubuntu1.2

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3995-2
  https://usn.ubuntu.com/usn/usn-3995-1
  CVE-2018-19115—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJc7XHYAAoJEEW851uECx9piKgP/RQAOM+75/rjkAdEx5QI8r+U
eyh2/mbaUSLzK65pNbayT51d/F5poQsaPs5ixPSgNIoYbgTb3Q5VYslXoi7MpLKg
Gg8sRO0VuVN4YwaK/BSNSDpGWwz5HMWTA44RTUu3lV9GdKtRc4akL0vwSW2fujOw
xIJiGVVWfLgVOYN93yq7f8pjmRxxQXiiN5foxKYHa6viwlK3eSzPWK+gn7U+L64f
gnnutk9rFs+fkEA61rZmHukQVO8bzMW1XBoTImCIKkkKADkiSB/IahUwUGC9XKp3
00C+BA7yiMalErNRhhX7kVeLt/LfzPnuqZqmMZJQUM5rBPp4yDRpPrRHRKSHXKfM
UakhNKNVOGK0iXeKTghu+3CsKTV44zH9yeUk1gXbVM7ns+Iw4J2cadvBNEov9IwG
0XeAdRZA1qL8nTXwYiA4QUQJaps1rCJJc6PHvIlSHTx0lORFneUGjEeDmV5Z/Egm
EG1UoBg6aAmpsegFZT/f/Hz10LT9g5xpv9H7LIRKwEgNy5jNdbCPHnlv8D2nQ8lz
A1TzLk2O1bJ6Rcr7FfkMHMDgYAH3wf8O7RKXlwkxPQHBY0SVOu8rRQnFcJ67OzjE
a8xTlVON3Lo2xe6r9Ejnnw42ngLmyZXBaw1BdSMoy3r99B3aTPfzvQ2k+qb2niWW
pL1krOO57IUUpdt310I+
=dR1g
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa nmap

Otkriven je sigurnosni nedostatak u programskom paketu nmap za operacijski sustav openSUSE. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja....

Close