A keepalived security update has been released for Debian GNU/Linux 9 Extended LTS to address two security vulnerabilities.
ELA-834-1 keepalived security update
Package : keepalived
ELA-834-1 keepalived security update
Version : 1:1.3.2-1+deb9u1 (stretch)
Related CVEs :
CVE-2018-19115
CVE-2021-44225
Two security vulnerabilities were found in keepalived, a failover and
monitoring daemon for LVS clusters.
CVE-2018-19115
keepalived has a heap-based buffer overflow when parsing HTTP
status codes resulting in DoS or possibly unspecified other impact, because
extract_status_code in lib/html.c has no validation of the status code and
instead writes an unlimited amount of data to the heap.
CVE-2021-44225
A flaw was found in keepalived where an improper authentication
vulnerability allows an unprivileged user to change properties that could
lead to an access-control bypass.
