Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Fedora 29: 2018-cb66bc33e6 Critical: HAProxy Denial of Service

fedora
Calendar Grey January 11, 2019
Dist Fedora Esm H88
CentOS 8 security patch for Nginx addresses buffer overflow vulnerabilities and service interruption risks. Keep your devices synchronized with the latest updates!
Update to 1.8.15

Summary

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high

availability environments. Indeed, it can:

- route HTTP requests depending on statically assigned cookies

- spread load among several servers while assuring server persistence

through the use of HTTP cookies

- switch to backup servers in the event a main one fails

- accept connections to special ports dedicated to service monitoring

- stop accepting connections without breaking existing ones

- add, modify, and delete HTTP headers in both directions

- block requests matching particular patterns

- report detailed status to authenticated users from a URI

intercepted from the application

Update to 1.8.15

* Thu Dec 13 2018 Ryan O'Hara - 1.8.15-1

- Update to 1.8.15

- Fix denial of service attack via infinite recursion (CVE-2018-20103, #1658881)

- Fix out-of-bound reads in dns_validate_dns_response (CVE-2018-20102, #1658882)

* Sat Dec 1 2018 Ryan O'Hara - 1.8.14-2

- Use of crpyt() is not thread safe (#1643941)

[ 1 ] Bug #1658881 - CVE-2018-20103 haproxy: Infinite recursion via crafted packet allows stack exhaustion and denial of service [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1658881

[ 2 ] Bug #1658882 - CVE-2018-20102 haproxy: Out-of-bounds read in dns.c:dns_validate_dns_response() allows for memory disclosure [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1658882

su -c 'dnf upgrade --advisory FEDORA-2018-cb66bc33e6' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory Fedora DoS memory disclosure HAProxy

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 29
Version: 1.8.15
Release: 1.fc29
URL: http://www.haproxy.org/
Summary: HAProxy reverse proxy for high availability environments

Topics%20covered

Topics Covered

security advisory Fedora DoS memory disclosure HAProxy

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here