[SECURITY] [DLA-1589-1] keepalived security update



Package        : icecast2
Version        : 1:1.2.13-1+deb8u1
CVE ID         : CVE-2018-19115
Debian Bug     : 914393


keepalived has a heap-based buffer overflow when parsing HTTP status
codes resulting in DoS or possibly unspecified other impact, because
extract_status_code in lib/html.c has no validation of the status code
and instead writes an unlimited amount of data to the heap.

For Debian 8 "Jessie", this problem has been fixed in version
1:1.2.13-1+deb8u1.

We recommend that you upgrade your keepalived packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
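
As an added illustration (not keepalived's code and not the patch shipped in this update), here is a bounds-checked status-code parser that avoids the class of flaw described above: it validates the code as exactly three digits in place and never copies response data to the heap. The function name parse_status_code and the sample status lines are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not keepalived's code: read the status code from an
 * HTTP status line ("HTTP/1.1 200 OK\r\n") held in buf[0..len), which need
 * not be NUL-terminated. Returns 100..599, or -1 if the line is malformed.
 * The digits are validated in place; nothing is copied, so an over-long
 * token cannot drive a write past any buffer. */
int parse_status_code(const char *buf, size_t len)
{
    const char *p, *end;
    int code = 0, digits = 0;

    if (buf == NULL)
        return -1;
    p = buf;
    end = buf + len;

    while (p < end && *p != ' ')        /* skip the HTTP-version token */
        p++;
    if (p == end)
        return -1;                      /* no separator at all */
    p++;                                /* step over the single space */

    while (p < end && *p >= '0' && *p <= '9') {
        if (++digits > 3)
            return -1;                  /* over-long code: reject */
        code = code * 10 + (*p - '0');
        p++;
    }
    if (digits != 3)
        return -1;                      /* too short or not numeric */
    if (p < end && *p != ' ' && *p != '\r' && *p != '\n')
        return -1;                      /* junk glued to the code */
    return (code >= 100 && code <= 599) ? code : -1;
}

int main(void)
{
    /* Constructed sample status lines, not captured traffic. */
    const char *samples[] = { "HTTP/1.1 200 OK\r\n", "HTTP/1.0 503",
                              "HTTP/1.1 2000000000000000000 OK\r\n",
                              "HTTP/1.1 20x OK\r\n", "HTTP/1.1" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d\n", parse_status_code(samples[i], strlen(samples[i])));
    return 0;
}
```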