keepalived: CVE-2018-19115 heap-based buffer overflow and DoS

Related Vulnerabilities: CVE-2018-19115  

Debian Bug report logs - #914393

Reported by: Markus Koschany <apo@debian.org>

Date: Thu, 22 Nov 2018 22:51:02 UTC

Severity: grave

Tags: security, upstream

Found in version keepalived/1:1.2.13-1

Fixed in versions 1:1.2.13-1+deb8u1, keepalived/1:2.0.10-1

Done: Alexander Wirt <formorer@debian.org>



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Alexander Wirt <formorer@debian.org>:
Bug#914393; Package keepalived. (Thu, 22 Nov 2018 22:51:04 GMT)


Acknowledgement sent to Markus Koschany <apo@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Alexander Wirt <formorer@debian.org>. (Thu, 22 Nov 2018 22:51:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Markus Koschany <apo@debian.org>
To: submit@bugs.debian.org
Subject: keepalived: CVE-2018-19115 heap-based buffer overflow and DoS
Date: Thu, 22 Nov 2018 23:46:40 +0100
Package: keepalived
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for keepalived.

CVE-2018-19115[0]:
| keepalived before 2.0.7 has a heap-based buffer overflow when parsing
| HTTP status codes resulting in DoS or possibly unspecified other
| impact, because extract_status_code in lib/html.c has no validation of
| the status code and instead writes an unlimited amount of data to the
| heap.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-19115
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19115

Please adjust the affected versions in the BTS as needed.

Regards,

Markus

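The CVE text above describes a status-code extractor that copies an unbounded number of bytes into a fixed buffer. As an added example, not code from keepalived's lib/html.c, here is a bounded C status-line parser of the kind such a fix needs: it checks the digit count before every store, rejects malformed tokens instead of truncating them, and works on a buffer that is not NUL-terminated. The function name and the sample status lines are constructed for this example.

```c
#include <stddef.h>
#include <string.h>
#include <ctype.h>
#include <stdio.h>

/* Hypothetical hardened extractor (added example, not keepalived's code).
 * Parses an HTTP status line of the form "HTTP/1.x SP 3DIGIT SP reason"
 * from a buffer that is NOT NUL-terminated. Returns the status code
 * (100-599) or -1 if the line is malformed. Never writes past the fixed
 * scratch buffer: the digit count is checked before each store. */
int extract_status_code_checked(const char *buffer, size_t size)
{
    const char *buf = buffer;
    const char *end = buffer + size;
    char code[4];
    size_t idx = 0;

    /* Skip the HTTP-version token up to the first space. */
    while (buf < end && *buf != ' ')
        buf++;
    if (buf == end)
        return -1;
    buf++;                       /* step over the separating space */

    /* Copy the status token, refusing anything longer than 3 bytes. */
    while (buf < end && *buf != ' ' && *buf != '\r' && *buf != '\n') {
        if (idx >= sizeof(code) - 1)
            return -1;           /* would overflow: reject, do not truncate */
        if (!isdigit((unsigned char)*buf))
            return -1;           /* status-code is digits only */
        code[idx++] = *buf++;
    }
    if (idx != 3)
        return -1;               /* RFC 7230: status-code is exactly 3 DIGIT */
    code[idx] = '\0';

    int status = (code[0] - '0') * 100 + (code[1] - '0') * 10 + (code[2] - '0');
    return (status >= 100 && status <= 599) ? status : -1;
}

int main(void)
{
    /* Constructed inputs: a normal reply and an over-long status token. */
    const char ok[] = "HTTP/1.1 200 OK\r\n";
    const char bad[] = "HTTP/1.1 2000000000000000000000000 OK\r\n";
    printf("%d\n", extract_status_code_checked(ok, sizeof(ok) - 1));   /* 200 */
    printf("%d\n", extract_status_code_checked(bad, sizeof(bad) - 1)); /* -1 */
    return 0;
}
```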

Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 22 Nov 2018 23:03:06 GMT)


Marked as found in versions keepalived/1:1.2.13-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 22 Nov 2018 23:03:08 GMT)


Marked as fixed in versions 1:1.2.13-1+deb8u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 22 Nov 2018 23:03:08 GMT)


Reply sent to Alexander Wirt <formorer@debian.org>:
You have taken responsibility. (Fri, 30 Nov 2018 21:03:15 GMT)


Notification sent to Markus Koschany <apo@debian.org>:
Bug acknowledged by developer. (Fri, 30 Nov 2018 21:03:15 GMT)


Message #16 received at 914393-close@bugs.debian.org:

From: Alexander Wirt <formorer@debian.org>
To: 914393-close@bugs.debian.org
Subject: Bug#914393: fixed in keepalived 1:2.0.10-1
Date: Fri, 30 Nov 2018 20:59:40 +0000
Source: keepalived
Source-Version: 1:2.0.10-1

We believe that the bug you reported is fixed in the latest version of
keepalived, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 914393@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alexander Wirt <formorer@debian.org> (supplier of updated keepalived package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Fri, 30 Nov 2018 21:20:05 +0100
Source: keepalived
Binary: keepalived
Architecture: source
Version: 1:2.0.10-1
Distribution: unstable
Urgency: high
Maintainer: Alexander Wirt <formorer@debian.org>
Changed-By: Alexander Wirt <formorer@debian.org>
Description:
 keepalived - Failover and monitoring daemon for LVS clusters
Closes: 810347 830196 900260 902978 909697 914393
Changes:
 keepalived (1:2.0.10-1) unstable; urgency=high
 .
   * [3b99bf9] Update vcs headers to salsa
   * [f697779] New upstream version 2.0.2
   * [c97cc19] Enable dbus instance and json output support
   * [27c6d55] syslog is now socket activated
   * [7e2267b] Move to dh41
   * [d0bf9db] there is no systemd sequence in dh41
   * [903a5a0] dh-autoreconf dep is not needed anymore with dh41
   * [c4996bd] Priority extra got replaced by optional
   * [822da17] Remove obsolete patches
   * [1c36cdc] New upstream version 2.0.10
     - Fix overflow in extract_status_code (CVE-2018-19115)
       Closes: #914393, #900260
     - Improve garp refresh handling (Closes: #810347)
     - Improve config parser (Closes: #909697)
   * [990c014] Improve keepalived service (Closes: #902978, #830196)







Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:48:35 2019; Machine Name: beach
