Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Ubuntu 14.04 ESM: 3995-2 Moderate: Keepalived Denial Of Service Risk

ubuntu
Calendar Grey May 28, 2019
Dist Ubuntu Esm H88
A vulnerability in Keepalived can cause system crashes or unauthorized code execution from specially crafted packets. Update your Ubuntu system immediately to stay secure
Keepalived could be made to crash or run programs if it received specially crafted network traffic.

Summary

Keepalived could be made to crash or run programs if it received

specially crafted network traffic.

Software Description:

- keepalived: Failover and monitoring daemon for LVS clusters

Details:

USN-3995-1 fixed a vulnerability in keepalived. This update provides

the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

 It was discovered that Keepalived incorrectly handled certain HTTP

 status response codes. A remote attacker could use this issue to cause

 Keepalived to crash, resulting in a denial of service, or possibly

 execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  keepalived                      1:1.2.7-1ubuntu1+esm1

Ubuntu 12.04 ESM:
  keepalived                      1:1.2.2-3ubuntu1.2

In general, a standard system update will make all the necessary
changes.

References

  https://ubuntu.com/security/notices/USN-3995-2

  https://ubuntu.com/security/notices/USN-3995-1

  CVE-2018-19115

May 28, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.