Debian: DSA-5388-1: haproxy security update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Sign Up

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5388-1                   [email protected]
https://www.debian.org/security/                     Salvatore Bonaccorso
April 13, 2023                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : haproxy
CVE ID         : CVE-2023-0836

It was reported that HAProxy, a fast and reliable load balancing reverse
proxy, does not properly initialize connection buffers when encoding the
FCGI_BEGIN_REQUEST record. A remote attacker can take advantage of this
flaw to cause an information leak.

For the stable distribution (bullseye), this problem has been fixed in
version 2.2.9-2+deb11u5.

We recommend that you upgrade your haproxy packages.

For the detailed security status of haproxy please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/haproxy

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

Debian: DSA-5388-1: haproxy security update

April 13, 2023
It was reported that HAProxy, a fast and reliable load balancing reverse proxy, does not properly initialize connection buffers when encoding the FCGI_BEGIN_REQUEST record

Summary

For the stable distribution (bullseye), this problem has been fixed in
version 2.2.9-2+deb11u5.

We recommend that you upgrade your haproxy packages.

For the detailed security status of haproxy please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/haproxy

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

Severity
It was reported that HAProxy, a fast and reliable load balancing reverse
proxy, does not properly initialize connection buffers when encoding the
FCGI_BEGIN_REQUEST record. A remote attacker can take advantage of this
flaw to cause an information leak.

Related News

Chinese Hackers Using KEYPLUG Backdoor to Attack Windows & Linux Systems

Critical RCE Vulnerability Discovered in ClamAV Open Source Antivirus Software

Government Issues ‘High’ Severity Security Alert for THESE Google Users

Critical Local Privilege Escalation Vulnerability in Linux kernel. Patch immediately

News

Advisories

HOWTOs

Features

Linux Container Security Primer
Email Phishing Using Kali Linux
Is Linux A More Secure Option Than Windows For Businesses?
How Secure Is Linux?
How To Secure Against WordPress Vulnerabilities with Predictive Analysis Detection & Automated Remediation

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy