LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis:          Moderate: haproxy security update
Advisory ID:       SLSA-2013:0868-1
Issue Date:        2013-05-28
CVE Numbers:       CVE-2013-1912
--

A buffer overflow flaw was found in the way HAProxy handled pipelined HTTP
requests. A remote attacker could send pipelined HTTP requests that would
cause HAProxy to crash or, potentially, execute arbitrary code with the
privileges of the user running HAProxy. This issue only affected systems
using all of the following combined configuration options: HTTP keep alive
enabled, HTTP keywords in TCP inspection rules, and request appending
rules. (CVE-2013-1912)
--

SL6
  x86_64
    haproxy-1.4.22-4.el6_4.x86_64.rpm
    haproxy-debuginfo-1.4.22-4.el6_4.x86_64.rpm
  i386
    haproxy-1.4.22-4.el6_4.i686.rpm
    haproxy-debuginfo-1.4.22-4.el6_4.i686.rpm

The following packages were added for dependency resolution
SL6
  x86_64
     setup-2.8.14-20.el6.noarch.rpm
  i386
     setup-2.8.14-20.el6.noarch.rpm

- Scientific Linux Development Team