SCIENTIFIC-LINUX-ERRATA Archives

May 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Content-Transfer-Encoding:
7bit
Sender:
Security Errata for Scientific Linux <[log in to unmask]>
Subject:
Security ERRATA Moderate: haproxy on SL6.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Date:
Tue, 28 May 2013 19:42:40 +0000
MIME-Version:
1.0
Content-Type:
text/plain; charset="utf-8"
Reply-To:
[log in to unmask]
Parts/Attachments:
text/plain (32 lines) 
Synopsis:          Moderate: haproxy security update
Advisory ID:       SLSA-2013:0868-1
Issue Date:        2013-05-28
CVE Numbers:       CVE-2013-1912
--

A buffer overflow flaw was found in the way HAProxy handled pipelined HTTP
requests. A remote attacker could send pipelined HTTP requests that would
cause HAProxy to crash or, potentially, execute arbitrary code with the
privileges of the user running HAProxy. This issue only affected systems
using all of the following combined configuration options: HTTP keep alive
enabled, HTTP keywords in TCP inspection rules, and request appending
rules. (CVE-2013-1912)
--

SL6
  x86_64
    haproxy-1.4.22-4.el6_4.x86_64.rpm
    haproxy-debuginfo-1.4.22-4.el6_4.x86_64.rpm
  i386
    haproxy-1.4.22-4.el6_4.i686.rpm
    haproxy-debuginfo-1.4.22-4.el6_4.i686.rpm

The following packages were added for dependency resolution
SL6
  x86_64
     setup-2.8.14-20.el6.noarch.rpm
  i386
     setup-2.8.14-20.el6.noarch.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2