Description
ELSA-2019-0022: keepalived security update (IMPORTANT)
[1.3.5-8]
- Fixed patch that was incorrectly removed (#1652694)
[1.3.5-7]
- Fix buffer overflow when parsing HTTP status codes (#1652694)
Updated packages
Oracle Linux 7
Oracle Linux aarch64: keepalived 1.3.5-8.el7_6
Oracle Linux x86_64: keepalived 1.3.5-8.el7_6
Related CVEs
Related vulnerabilities
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.