安全公告详情

NS-SA-2019-0051

2019-07-17 14:56:37

简介

important: systemd/keepalived security update

严重级别

important

主题

An update for systemd/keepalived is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

systemd: systemd-journal-gatewayd serves journal events over the network using HTTP.
keepalived: Keepalived provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used Linux Virtual Server (IPVS) kernel module providing layer-4 (transport layer) load balancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage a load balanced server pool according their health. Keepalived also implements the Virtual Router Redundancy Protocol (VRRPv2) to achieve high availability with director failover.


Security Fix(es):
systemd: It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine.(CVE-2018-15688)
systemd: An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges.(CVE-2018-16865)
systemd: An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges.(CVE-2018-16864)
systemd: bugfix
keepalived: Heap-based buffer overflow vulnerability in extract_status_code() function in lib/html.c that parses HTTP status code returned from web server allows malicious web server or man-in-the-middle attacker pretending to be a web server to cause either a denial of service or potentially execute arbitrary code on keepalived load balancer.(CVE-2018-19115)
keepalived: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F9.

影响组件

  • systemd
  • keepalived

影响产品

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

更新包

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["systemd-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee.x86_64.rpm","systemd-debuginfo-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee.x86_64.rpm","systemd-devel-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee.x86_64.rpm","systemd-journal-gateway-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee.x86_64.rpm","systemd-libs-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee.x86_64.rpm","systemd-networkd-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee.x86_64.rpm","systemd-python-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee.x86_64.rpm","systemd-resolved-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee.x86_64.rpm","systemd-sysv-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee.x86_64.rpm","libgudev1-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee.x86_64.rpm","libgudev1-devel-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee.x86_64.rpm"],"source":"systemd-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee.src.rpm"},{"binary":["keepalived-1.3.5-8.el7_6.x86_64.rpm","keepalived-debuginfo-1.3.5-8.el7_6.x86_64.rpm"],"source":"keepalived-1.3.5-8.el7_6.src.rpm"}]},{"product":"CGSL CORE 5.04","pkgs":[{"binary":["systemd-python-219-62.el7_6.2.cgslv5.0.13.g055face.lite.x86_64.rpm","systemd-resolved-219-62.el7_6.2.cgslv5.0.13.g055face.lite.x86_64.rpm","systemd-sysv-219-62.el7_6.2.cgslv5.0.13.g055face.lite.x86_64.rpm","systemd-219-62.el7_6.2.cgslv5.0.13.g055face.lite.x86_64.rpm","libgudev1-219-62.el7_6.2.cgslv5.0.13.g055face.lite.x86_64.rpm","libgudev1-devel-219-62.el7_6.2.cgslv5.0.13.g055face.lite.x86_64.rpm","systemd-debuginfo-219-62.el7_6.2.cgslv5.0.13.g055face.lite.x86_64.rpm","systemd-devel-219-62.el7_6.2.cgslv5.0.13.g055face.lite.x86_64.rpm","systemd-journal-gateway-219-62.el7_6.2.cgslv5.0.13.g055face.lite.x86_64.rpm","systemd-libs-219-62.el7_6.2.cgslv5.0.13.g055face.lite.x86_64.rpm","systemd-networkd-219-62.el7_6.2.cgslv5.0.13.g055face.lite.x86_64.rpm"],"source":"systemd-219-62.el7_6.2.cgslv5.0.13.g055face.lite.src.rpm"},{"binary":["keepalived-1.3.5-8.el7_6.x86_64.rpm","keepalived-debuginfo-1.3.5-8.el7_6.x86_64.rpm"],"source":"keepalived-1.3.5-8.el7_6.src.rpm"}]}]}

CVE

参考