Bug 3262 - [UPDATE REQUEST] [UPSTREAM UPDATE] haproxy
Status: RESOLVED FIXED
Product: Server Bugs
Classification: ROSA Server
Component: Main Packages
Version: unspecified
Hardware: All Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: Andrew Lukoshko
QA Contact: ROSA Server Bugs
Depends on:
Blocks:
Reported: 2013-11-28 13:20 MSK by Andrew Lukoshko
Modified: 2013-12-03 13:56 MSK
vladimir.potapov: qa_verified+
andrew.lukoshko: published_server+


Description Andrew Lukoshko 2013-11-28 13:20:32 MSK
A flaw was found in the way HAProxy handled requests when the proxy's
configuration ("/etc/haproxy/haproxy.cfg") had certain rules that use the
hdr_ip criterion. A remote attacker could use this flaw to crash HAProxy
instances that use the affected configuration. (CVE-2013-2175)

https://rhn.redhat.com/errata/RHSA-2013-1120.html

https://abf.rosalinux.ru/build_lists/1390991
https://abf.rosalinux.ru/build_lists/1390996
Comment 1 Vladimir Potapov 2013-12-03 12:19:03 MSK
haproxy-1.4.22-5.res6
********************* RHEL Advisory ************************
A flaw was found in the way HAProxy handled requests when the proxy's
configuration ("/etc/haproxy/haproxy.cfg") had certain rules that use the
hdr_ip criterion. A remote attacker could use this flaw to crash HAProxy
instances that use the affected configuration. (CVE-2013-2175)
************************************************************
QA Verified