Red Hat Product Errata RHSA-2019:0022 - Security Advisory
Issued:
2019-01-03
Updated:
2019-01-03

RHSA-2019:0022 - Security Advisory

Synopsis

Important: keepalived security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for keepalived is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The keepalived utility provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used IP Virtual Server (IPVS) kernel module providing layer-4 (transport layer) load balancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage a load balanced server pool according to the health of the servers. Keepalived also implements the Virtual Router Redundancy Protocol (VRRPv2) to achieve high availability with director failover.

Security Fix(es):

  • keepalived: Heap-based buffer overflow when parsing HTTP status codes allows for denial of service or possibly arbitrary code execution (CVE-2018-19115)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 7.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 7 aarch64
  • Red Hat Enterprise Linux for Power 9 7 ppc64le
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 1651871 - CVE-2018-19115 keepalived: Heap-based buffer overflow when parsing HTTP status codes allows for denial of service or possibly arbitrary code execution

Red Hat Enterprise Linux Server 7

SRPM
keepalived-1.3.5-8.el7_6.src.rpm SHA-256: 36ef1335de59a7b968df87db086965e42138de22b3d1807bc0f7374aab098e2d
x86_64
keepalived-1.3.5-8.el7_6.x86_64.rpm SHA-256: a40c961e7bd0d6d871ba311f6a4c8123b138c432f0914efd64a0645e6bddde6d
keepalived-debuginfo-1.3.5-8.el7_6.x86_64.rpm SHA-256: 86901e2b14d122fe9d9aa5b9809dc60c9c5ac9dcc5e574f3c5dbafe5249745ec

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6

SRPM
keepalived-1.3.5-8.el7_6.src.rpm SHA-256: 36ef1335de59a7b968df87db086965e42138de22b3d1807bc0f7374aab098e2d
x86_64
keepalived-1.3.5-8.el7_6.x86_64.rpm SHA-256: a40c961e7bd0d6d871ba311f6a4c8123b138c432f0914efd64a0645e6bddde6d
keepalived-debuginfo-1.3.5-8.el7_6.x86_64.rpm SHA-256: 86901e2b14d122fe9d9aa5b9809dc60c9c5ac9dcc5e574f3c5dbafe5249745ec

Red Hat Enterprise Linux Server - AUS 7.6

SRPM
keepalived-1.3.5-8.el7_6.src.rpm SHA-256: 36ef1335de59a7b968df87db086965e42138de22b3d1807bc0f7374aab098e2d
x86_64
keepalived-1.3.5-8.el7_6.x86_64.rpm SHA-256: a40c961e7bd0d6d871ba311f6a4c8123b138c432f0914efd64a0645e6bddde6d
keepalived-debuginfo-1.3.5-8.el7_6.x86_64.rpm SHA-256: 86901e2b14d122fe9d9aa5b9809dc60c9c5ac9dcc5e574f3c5dbafe5249745ec

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
keepalived-1.3.5-8.el7_6.src.rpm SHA-256: 36ef1335de59a7b968df87db086965e42138de22b3d1807bc0f7374aab098e2d
x86_64
keepalived-1.3.5-8.el7_6.x86_64.rpm SHA-256: a40c961e7bd0d6d871ba311f6a4c8123b138c432f0914efd64a0645e6bddde6d
keepalived-debuginfo-1.3.5-8.el7_6.x86_64.rpm SHA-256: 86901e2b14d122fe9d9aa5b9809dc60c9c5ac9dcc5e574f3c5dbafe5249745ec

Red Hat Enterprise Linux Workstation 7

SRPM
keepalived-1.3.5-8.el7_6.src.rpm SHA-256: 36ef1335de59a7b968df87db086965e42138de22b3d1807bc0f7374aab098e2d
x86_64
keepalived-1.3.5-8.el7_6.x86_64.rpm SHA-256: a40c961e7bd0d6d871ba311f6a4c8123b138c432f0914efd64a0645e6bddde6d
keepalived-debuginfo-1.3.5-8.el7_6.x86_64.rpm SHA-256: 86901e2b14d122fe9d9aa5b9809dc60c9c5ac9dcc5e574f3c5dbafe5249745ec

Red Hat Enterprise Linux for Power, little endian 7

SRPM
keepalived-1.3.5-8.el7_6.src.rpm SHA-256: 36ef1335de59a7b968df87db086965e42138de22b3d1807bc0f7374aab098e2d
ppc64le
keepalived-1.3.5-8.el7_6.ppc64le.rpm SHA-256: f7524969bb0345948264086bee8d78b2c34963bbec475b9d4d691282ca2c99d1
keepalived-debuginfo-1.3.5-8.el7_6.ppc64le.rpm SHA-256: 7e9efd9874dec69836455a2ff9ef28204747809d64cf454d1cf8f4b4642b651b

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6

SRPM
keepalived-1.3.5-8.el7_6.src.rpm SHA-256: 36ef1335de59a7b968df87db086965e42138de22b3d1807bc0f7374aab098e2d
ppc64le
keepalived-1.3.5-8.el7_6.ppc64le.rpm SHA-256: f7524969bb0345948264086bee8d78b2c34963bbec475b9d4d691282ca2c99d1
keepalived-debuginfo-1.3.5-8.el7_6.ppc64le.rpm SHA-256: 7e9efd9874dec69836455a2ff9ef28204747809d64cf454d1cf8f4b4642b651b

Red Hat Enterprise Linux Server - TUS 7.6

SRPM
keepalived-1.3.5-8.el7_6.src.rpm SHA-256: 36ef1335de59a7b968df87db086965e42138de22b3d1807bc0f7374aab098e2d
x86_64
keepalived-1.3.5-8.el7_6.x86_64.rpm SHA-256: a40c961e7bd0d6d871ba311f6a4c8123b138c432f0914efd64a0645e6bddde6d
keepalived-debuginfo-1.3.5-8.el7_6.x86_64.rpm SHA-256: 86901e2b14d122fe9d9aa5b9809dc60c9c5ac9dcc5e574f3c5dbafe5249745ec

Red Hat Enterprise Linux for ARM 64 7

SRPM
keepalived-1.3.5-8.el7_6.src.rpm SHA-256: 36ef1335de59a7b968df87db086965e42138de22b3d1807bc0f7374aab098e2d
aarch64
keepalived-1.3.5-8.el7_6.aarch64.rpm SHA-256: 10ee5e4669023bd45d70b934c26e575f8f0c281e8dfcf1c769133be9438543b6
keepalived-debuginfo-1.3.5-8.el7_6.aarch64.rpm SHA-256: 2d5a5ab06d910bc9f4799e91206d2fdcfe003f903dbec4d673577b9318e2fe80

Red Hat Enterprise Linux for Power 9 7

SRPM
keepalived-1.3.5-8.el7_6.src.rpm SHA-256: 36ef1335de59a7b968df87db086965e42138de22b3d1807bc0f7374aab098e2d
ppc64le
keepalived-1.3.5-8.el7_6.ppc64le.rpm SHA-256: f7524969bb0345948264086bee8d78b2c34963bbec475b9d4d691282ca2c99d1
keepalived-debuginfo-1.3.5-8.el7_6.ppc64le.rpm SHA-256: 7e9efd9874dec69836455a2ff9ef28204747809d64cf454d1cf8f4b4642b651b

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6

SRPM
keepalived-1.3.5-8.el7_6.src.rpm SHA-256: 36ef1335de59a7b968df87db086965e42138de22b3d1807bc0f7374aab098e2d
ppc64le
keepalived-1.3.5-8.el7_6.ppc64le.rpm SHA-256: f7524969bb0345948264086bee8d78b2c34963bbec475b9d4d691282ca2c99d1
keepalived-debuginfo-1.3.5-8.el7_6.ppc64le.rpm SHA-256: 7e9efd9874dec69836455a2ff9ef28204747809d64cf454d1cf8f4b4642b651b

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6

SRPM
keepalived-1.3.5-8.el7_6.src.rpm SHA-256: 36ef1335de59a7b968df87db086965e42138de22b3d1807bc0f7374aab098e2d
x86_64
keepalived-1.3.5-8.el7_6.x86_64.rpm SHA-256: a40c961e7bd0d6d871ba311f6a4c8123b138c432f0914efd64a0645e6bddde6d
keepalived-debuginfo-1.3.5-8.el7_6.x86_64.rpm SHA-256: 86901e2b14d122fe9d9aa5b9809dc60c9c5ac9dcc5e574f3c5dbafe5249745ec

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
keepalived-1.3.5-8.el7_6.src.rpm SHA-256: 36ef1335de59a7b968df87db086965e42138de22b3d1807bc0f7374aab098e2d
ppc64le
keepalived-1.3.5-8.el7_6.ppc64le.rpm SHA-256: f7524969bb0345948264086bee8d78b2c34963bbec475b9d4d691282ca2c99d1
keepalived-debuginfo-1.3.5-8.el7_6.ppc64le.rpm SHA-256: 7e9efd9874dec69836455a2ff9ef28204747809d64cf454d1cf8f4b4642b651b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.