Alerts This Week
Warning Icon 1 687
Alerts This Week
Warning Icon 1 687

Fedora 29: FEDORA-2018-cb66bc33e6 Critical: HAProxy DoS Fix

fedora
Calendar Grey January 11, 2019
Dist Fedora Esm H88
The upgrade to HAProxy 1.8.15 for Fedora 29 resolves significant security vulnerabilities and improves overall reliability.
Update to 1.8.15

Summary

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high

availability environments. Indeed, it can:

- route HTTP requests depending on statically assigned cookies

- spread load among several servers while assuring server persistence

through the use of HTTP cookies

- switch to backup servers in the event a main one fails

- accept connections to special ports dedicated to service monitoring

- stop accepting connections without breaking existing ones

- add, modify, and delete HTTP headers in both directions

- block requests matching particular patterns

- report detailed status to authenticated users from a URI

intercepted from the application

Update to 1.8.15

* Thu Dec 13 2018 Ryan O'Hara - 1.8.15-1

- Update to 1.8.15

- Fix denial of service attack via infinite recursion (CVE-2018-20103, #1658881)

- Fix out-of-bound reads in dns_validate_dns_response (CVE-2018-20102, #1658882)

* Sat Dec 1 2018 Ryan O'Hara - 1.8.14-2

- Use of crpyt() is not thread safe (#1643941)

[ 1 ] Bug #1658881 - CVE-2018-20103 haproxy: Infinite recursion via crafted packet allows stack exhaustion and denial of service [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1658881

[ 2 ] Bug #1658882 - CVE-2018-20102 haproxy: Out-of-bounds read in dns.c:dns_validate_dns_response() allows for memory disclosure [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1658882

su -c 'dnf upgrade --advisory FEDORA-2018-cb66bc33e6' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory denial of service update Fedora out-of-bounds HAProxy massive recursion

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 29
Version: 1.8.15
Release: 1.fc29
URL: http://www.haproxy.org/
Summary: HAProxy reverse proxy for high availability environments

Topics%20covered

Topics Covered

security advisory denial of service update Fedora out-of-bounds HAProxy massive recursion

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here