-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : icecast2 Version : 1:1.2.13-1+deb8u1 CVE ID : CVE-2018-19115 Debian Bug : 914393
keepalived has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap. For Debian 8 "Jessie", this problem has been fixed in version 1:1.2.13-1+deb8u1. We recommend that you upgrade your keepalived packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAlv7/ZkACgkQhj1N8u2c KO+05A/9F+Y82YO9nV6g/rSdPuMexZfevHmLuuOdrcZASbzjVU7/647vVtXgtM+a CLOElQtPxnsf6CzTTFaxiPnF4oyep4lu+l4Us9IxvNTi7NrpEdgz0wdU4+EfdLMG pjNNxG1pHeq1FWVaIvgd9L45GHiSTUiGK/A3azcH8Ys7Iy86IymEcQQ+TeMhBoEg wbrcIHJrth9ovdUKVryz1oWhxNv6qpRA2ZMg4jtPLiuDqY03wxLupDkEOSi5TwFb QQMWFZYxRtDqyTGdHyFVU1nM0KeYGVFOW5Ru5DB3YYZKK6rQQpQXBZ4bGa0ZWyKy nS7+NIRBEmi/NbBdZiW+RnHLRk1QneScVQz4390xSC4+CNcOX9AhQ6iaNDQaX98K 0lWyI13vtTB2eqzkQ/gB4WpGX3snsGWMnotamc9UvY2z2IkSX+XPMox8geNYpK3j iCjLv+4+kmQs35EzDBgpbY+g68e4WUDeE/quOzGKNSDFP7jIfvzWK0khTEuRHCpK CoUjpN2LZarFlwxSdP01rPH45n7CNoGMKxikpgkO5o1nvrK4NI4wAcPSsstcxaCv ELDBoeBW1HpMcxWtpd9ECBSp5YpruyeRmRq1rrt0vBc1/wl+JEhViIpkTexEbe2+ aDV8m8hupvOlcsFOH6Mlp+veUVcRMzEkTAFtx3G2evMhp5AcC44= =zf3/ -----END PGP SIGNATURE-----
