diff -Nru keepalived-1.3.9/debian/changelog keepalived-1.3.9/debian/changelog --- keepalived-1.3.9/debian/changelog 2019-06-07 13:23:27.000000000 +0000 +++ keepalived-1.3.9/debian/changelog 2022-01-21 17:00:47.000000000 +0000 @@ -1,8 +1,17 @@ -keepalived (1:1.3.9-1ubuntu0.18.04.2~cloud1) xenial-queens; urgency=medium +keepalived (1:1.3.9-1ubuntu0.18.04.3~cloud1) xenial-queens; urgency=medium * New update for the Ubuntu Cloud Archive. - -- Openstack Ubuntu Testing Bot Fri, 07 Jun 2019 13:23:27 +0000 + -- Openstack Ubuntu Testing Bot Fri, 21 Jan 2022 17:00:47 +0000 + +keepalived (1:1.3.9-1ubuntu0.18.04.3) bionic-security; urgency=medium + + * SECURITY UPDATE: Access-control bypass + - debian/patches/CVE-2021-44225.patch: fix policy to not + be overly broad in dbus/org.keepalived.Vrrp1.conf. + - CVE-2021-44225 + + -- Leonidas Da Silva Barbosa Thu, 02 Dec 2021 10:30:45 -0300 keepalived (1:1.3.9-1ubuntu0.18.04.2) bionic-security; urgency=medium diff -Nru keepalived-1.3.9/debian/patches/CVE-2021-44225.patch keepalived-1.3.9/debian/patches/CVE-2021-44225.patch --- keepalived-1.3.9/debian/patches/CVE-2021-44225.patch 1970-01-01 00:00:00.000000000 +0000 +++ keepalived-1.3.9/debian/patches/CVE-2021-44225.patch 2021-12-02 13:29:07.000000000 +0000 
@@ -0,0 +1,38 @@ +From 7977fec0be89ae6fe87405b3f8da2f0b5e415e3d Mon Sep 17 00:00:00 2001 +From: Vincent Bernat +Date: Tue, 23 Nov 2021 06:50:59 +0100 +Subject: [PATCH] dbus: fix policy to not be overly broad + +The DBus policy did not restrict the message destination, allowing any +user to inspect and manipulate any property. + +Signed-off-by: Vincent Bernat +--- + keepalived/dbus/org.keepalived.Vrrp1.conf | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/keepalived/dbus/org.keepalived.Vrrp1.conf b/keepalived/dbus/org.keepalived.Vrrp1.conf +index 2b78a575c..b5ced6085 100644 +--- a/keepalived/dbus/org.keepalived.Vrrp1.conf ++++ b/keepalived/dbus/org.keepalived.Vrrp1.conf +@@ -3,12 +3,15 @@ + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> + + +- +- ++ ++ + + +- +- +- ++ ++ ++ + + diff -Nru keepalived-1.3.9/debian/patches/series keepalived-1.3.9/debian/patches/series --- keepalived-1.3.9/debian/patches/series 2019-02-14 15:58:43.000000000 +0000 +++ keepalived-1.3.9/debian/patches/series 2021-12-02 13:29:07.000000000 +0000 @@ -1,2 +1,3 @@ fix-removing-left-over-addresses-if-keepalived-abort.patch CVE-2018-19115.patch +CVE-2021-44225.patch
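Review bot: in the nested hunk for keepalived/dbus/org.keepalived.Vrrp1.conf, every removed and added policy line is rendered empty (the `+-` and `++` lines carry no content), so the actual change to the DBus policy cannot be reviewed from this debdiff; the commit message says the fix restricts the message destination so that not "any user" can "inspect and manipulate any property", but nothing visible here confirms that. The diffstat claims 8 insertions and 5 deletions for the file, yet only five `++` lines appear, which again points to stripped XML rather than an empty change. Before accepting, compare the patch file as applied in the source tree against upstream commit 7977fec0be89ae6fe87405b3f8da2f0b5e415e3d (the From line at the top of the patch) and confirm the resulting org.keepalived.Vrrp1.conf actually narrows who may send to the service. The changelog and series hunks are consistent with each other (same patch name, CVE-2021-44225 referenced in both the entry and the patch file name, patch appended last in series).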