openSUSE: 2019:2626-1: important: haproxy

    Date 03 Dec 2019
    Posted By LinuxSecurity Advisories
    An update that solves one vulnerability and has three fixes is now available.
       openSUSE Security Update: Security update for haproxy
    Announcement ID:    openSUSE-SU-2019:2626-1
    Rating:             important
    References:         #1082318 #1154980 #1157712 #1157714 
    Cross-References:   CVE-2019-18277
    Affected Products:
                        openSUSE Leap 15.0
       An update that solves one vulnerability and has three fixes
       is now available.
       This update for haproxy to version 2.0.10 fixes the following issues:
       HAProxy was updated to 2.0.10
       Security issues fixed:
       - CVE-2019-18277: Fixed a potential HTTP smuggling in messages with
         transfer-encoding header missing the "chunked" (bsc#1154980).
       - Fixed an improper handling of headers which could have led to injecting
         LFs in H2-to-H1 transfers creating new attack space (bsc#1157712)
       - Fixed an issue where HEADER frames in idle streams are not rejected and
         thus trying to decode them HAPrpxy crashes (bsc#1157714).
       Other issue addressed:
       - Macro change in the spec file (bsc#1082318)
       More information regarding the release at:;a=commit;h=ac198b92d461515551b95d
       This update was imported from the SUSE:SLE-15:Update update project.
    Patch Instructions:
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
       Alternatively you can run the command listed for your product:
       - openSUSE Leap 15.0:
          zypper in -t patch openSUSE-2019-2626=1
    Package List:
       - openSUSE Leap 15.0 (x86_64):

    LinuxSecurity Poll

    Do you feel that the Lawful Access to Encrypted Data Act, which aims to force encryption backdoors, is a threat to US citizens' privacy?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"106","title":"Yes - I am a privacy advocate and I am strongly opposed to this bill.","votes":"19","type":"x","order":"1","pct":95,"resources":[]},{"id":"107","title":"I'm undecided - it has its pros and cons.","votes":"1","type":"x","order":"2","pct":5,"resources":[]},{"id":"108","title":"No - I support this bill and feel that it will help protect against crime and threats to our national security. ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200


    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.