Debian 10225 Published by

A keepalived security update has been released for Debian GNU/Linux 9 Extended LTS to address two security vulnerabilities.



ELA-834-1 keepalived security update

Package : keepalived
Version : 1:1.3.2-1+deb9u1 (stretch)

Related CVEs :
CVE-2018-19115
CVE-2021-44225

Two security vulnerabilities were found in keepalived, a failover and
monitoring daemon for LVS clusters.

CVE-2018-19115
keepalived has a heap-based buffer overflow when parsing HTTP
status codes resulting in DoS or possibly unspecified other impact, because
extract_status_code in lib/html.c has no validation of the status code and
instead writes an unlimited amount of data to the heap.

CVE-2021-44225
A flaw was found in keepalived where an improper authentication
vulnerability allows an unprivileged user to change properties that could
lead to an access-control bypass.

  ELA-834-1 keepalived security update