==========================================================================
Ubuntu Security Notice USN-3995-1
May 28, 2019
keepalived vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
Keepalived could be made to crash or run programs if it received
specially crafted network traffic.
Software Description:
– keepalived: Failover and monitoring daemon for LVS clusters
Details:
It was discovered that Keepalived incorrectly handled certain HTTP status
response codes. A remote attacker could use this issue to cause Keepalived
to crash, resulting in a denial of service, or possibly execute arbitrary
code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
keepalived 1:1.3.9-1ubuntu1.1
Ubuntu 18.04 LTS:
keepalived 1:1.3.9-1ubuntu0.18.04.2
Ubuntu 16.04 LTS:
keepalived 1:1.2.24-1ubuntu0.16.04.2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3995-1
CVE-2018-19115
Package Information:
https://launchpad.net/ubuntu/+source/keepalived/1:1.3.9-1ubuntu1.1
https://launchpad.net/ubuntu/+source/keepalived/1:1.3.9-1ubuntu0.18.04.2
https://launchpad.net/ubuntu/+source/keepalived/1:1.2.24-1ubuntu0.16.04.2
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlztPQoACgkQZWnYVadE
vpOskRAAswMwL0sl8zNIB03Q5TfGOYNaMzIaOzvW+m2QSAYhKuF4ZlXQI6LBUCaw
1hANyQdXbDzTEL8cRHJfBN7fK47k85ygf/yYUTmC1KOY+lur4si2l6w/TjbOJ9rO
gfA11zr4KM5JQUhX6PFM7hKrrCMOnf2y0w0gbe0Jcz661urx2SG8GpPcm83kYBfi
ZrfgEIvcgHTTiy9x0KZ06E8YSWS8oI/h7FV7rquneflyLqoiMid8jR3GXuIHneAW
6vR6iRtyiN54+U//3IJJpUX9be0pGGsLJ9tLl3pc142aNy3g0alsQ/MvIgjYMrVG
7o963OztlrOvQDwIaH3u5LuaOrUKy/7kYFQO10D8CBovyaFPMeNgmNSXgou4iWBt
PmKnJBcIj1HoMxxc9yArZDEvvGD11kdZb1dZ0qBd6gPcjKqWaAity4VwwvhUhlCW
/bjVXYCmQRuO8x0sWV6yYS1xm4uey+nbh/8WpbanZKK9vFUYTIUZH3bvAH6ahTgC
XOSe+mdMQrPiC9aH3jlblzxVcTzbiC2wLr3lV8N4qi3YBcqxCtXmEvIUQG3LivoJ
6X5CVgYae8IN5G7KonRlxnbM7PhVEBnaNutuKrfSY+Dte8zZ52O8zYhF+yw4B7fG
bzO1Rq1996wVi6laxpiDCW/gdgeTQ+fTp6UPHkPw7uIMGVjvMdE=
=4QoV
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3995-2
May 28, 2019
keepalived vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM
Summary:
Keepalived could be made to crash or run programs if it received
specially crafted network traffic.
Software Description:
– keepalived: Failover and monitoring daemon for LVS clusters
Details:
USN-3995-1 fixed a vulnerability in keepalived. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that Keepalived incorrectly handled certain HTTP
status response codes. A remote attacker could use this issue to cause
Keepalived to crash, resulting in a denial of service, or possibly
execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
keepalived 1:1.2.7-1ubuntu1+esm1
Ubuntu 12.04 ESM:
keepalived 1:1.2.2-3ubuntu1.2
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3995-2
https://usn.ubuntu.com/usn/usn-3995-1
CVE-2018-19115—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJc7XHYAAoJEEW851uECx9piKgP/RQAOM+75/rjkAdEx5QI8r+U
eyh2/mbaUSLzK65pNbayT51d/F5poQsaPs5ixPSgNIoYbgTb3Q5VYslXoi7MpLKg
Gg8sRO0VuVN4YwaK/BSNSDpGWwz5HMWTA44RTUu3lV9GdKtRc4akL0vwSW2fujOw
xIJiGVVWfLgVOYN93yq7f8pjmRxxQXiiN5foxKYHa6viwlK3eSzPWK+gn7U+L64f
gnnutk9rFs+fkEA61rZmHukQVO8bzMW1XBoTImCIKkkKADkiSB/IahUwUGC9XKp3
00C+BA7yiMalErNRhhX7kVeLt/LfzPnuqZqmMZJQUM5rBPp4yDRpPrRHRKSHXKfM
UakhNKNVOGK0iXeKTghu+3CsKTV44zH9yeUk1gXbVM7ns+Iw4J2cadvBNEov9IwG
0XeAdRZA1qL8nTXwYiA4QUQJaps1rCJJc6PHvIlSHTx0lORFneUGjEeDmV5Z/Egm
EG1UoBg6aAmpsegFZT/f/Hz10LT9g5xpv9H7LIRKwEgNy5jNdbCPHnlv8D2nQ8lz
A1TzLk2O1bJ6Rcr7FfkMHMDgYAH3wf8O7RKXlwkxPQHBY0SVOu8rRQnFcJ67OzjE
a8xTlVON3Lo2xe6r9Ejnnw42ngLmyZXBaw1BdSMoy3r99B3aTPfzvQ2k+qb2niWW
pL1krOO57IUUpdt310I+
=dR1g
—–END PGP SIGNATURE—–
—