SCIENTIFIC-LINUX-ERRATA Archives

May 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: haproxy on SL6.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Tue, 28 May 2013 19:42:40 +0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (32 lines) 
Synopsis:          Moderate: haproxy security update
Advisory ID:       SLSA-2013:0868-1
Issue Date:        2013-05-28
CVE Numbers:       CVE-2013-1912
--

A buffer overflow flaw was found in the way HAProxy handled pipelined HTTP
requests. A remote attacker could send pipelined HTTP requests that would
cause HAProxy to crash or, potentially, execute arbitrary code with the
privileges of the user running HAProxy. This issue only affected systems
using all of the following combined configuration options: HTTP keep alive
enabled, HTTP keywords in TCP inspection rules, and request appending
rules. (CVE-2013-1912)
--

SL6
  x86_64
    haproxy-1.4.22-4.el6_4.x86_64.rpm
    haproxy-debuginfo-1.4.22-4.el6_4.x86_64.rpm
  i386
    haproxy-1.4.22-4.el6_4.i686.rpm
    haproxy-debuginfo-1.4.22-4.el6_4.i686.rpm

The following packages were added for dependency resolution
SL6
  x86_64
     setup-2.8.14-20.el6.noarch.rpm
  i386
     setup-2.8.14-20.el6.noarch.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2