Fedora 40: FEDORA-2024-39913e097a Critical: haproxy DoS Issue
fedora
September 13, 2024
Update to 2.9.10 (CVE-2024-45506)
Summary
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
availability environments. Indeed, it can:
- route HTTP requests depending on statically assigned cookies
- spread load among several servers while assuring server persistence
through the use of HTTP cookies
- switch to backup servers in the event a main one fails
- accept connections to special ports dedicated to service monitoring
- stop accepting connections without breaking existing ones
- add, modify, and delete HTTP headers in both directions
- block requests matching particular patterns
- report detailed status to authenticated users from a URI
intercepted from the application
Update Information:
Update to 2.9.10 (CVE-2024-45506)
Topics Covered
Change Log
* Wed Sep 4 2024 Ryan O'Hara
References
[ 1 ] Bug #2309744 - CVE-2024-45506 haproxy: potential infinite loop condition in the h2_send() may trigger a DoS [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2309744
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-39913e097a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Name: haproxy
Product: Fedora 40
Version: 2.9.10
Release: 1.fc40
Summary: HAProxy reverse proxy for high availability environments
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!