Explore top 10 tips to secure your open-source projects now. Read More
×
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
HAProxy provides high availability, load balancing, and proxying for TCP
and HTTP-based applications.
An implementation error related to the memory management of request and
responses was found within HAProxy's buffer_slow_realign() function.
An unauthenticated remote attacker could possibly use this flaw to leak
certain memory buffer contents from a past request or session.
(CVE-2015-3281)
All haproxy users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
https://access.redhat.com/security/cve/CVE-2015-3281 https://access.redhat.com/security/updates/classification/#important
Red Hat Enterprise Linux Load Balancer (v. 6):
Source:
haproxy-1.5.4-2.el6_7.1.src.rpm
i386:
haproxy-1.5.4-2.el6_7.1.i686.rpm
haproxy-debuginfo-1.5.4-2.el6_7.1.i686.rpm
x86_64:
haproxy-1.5.4-2.el6_7.1.x86_64.rpm
haproxy-debuginfo-1.5.4-2.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
haproxy-1.5.4-4.el7_1.1.src.rpm
x86_64:
haproxy-1.5.4-4.el7_1.1.x86_64.rpm
haproxy-debuginfo-1.5.4-4.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
haproxy-1.5.4-4.el7_1.1.src.rpm
x86_64:
haproxy-1.5.4-4.el7_1.1.x86_64.rpm
haproxy-debuginfo-1.5.4-4.el7_1.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
An updated haproxy package that fixes one security issue is now availablefor Red Hat Enterprise Linux 6 and 7.Red Hat Product Security has rated this update as having Important securityimpact. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available from the CVE link in theReferences section.
Red Hat Enterprise Linux Load Balancer (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
1239072 - CVE-2015-3281 haproxy: information leak in buffer_slow_realign()
Get the latest Linux and open source security news straight to your inbox.