Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Scientific Linux: 2013-0868-1 Moderate: haproxy Buffer Overflow Advisory

Scientific Large Esm H446
Moderate: haproxy security update
Date: Tue, 28 May 2013 09:41:15 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 5x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
am-utils-6.1.5-5.el5_9.i386.rpm
libbdevid-python-5.1.19.6-80.el5_9.i386.rpm
mkinitrd-5.1.19.6-80.el5_9.i386.rpm
mkinitrd-devel-5.1.19.6-80.el5_9.i386.rpm
nash-5.1.19.6-80.el5_9.i386.rpm
rgmanager-2.0.52-37.el5_9.2.i386.rpm

x86_64:
am-utils-6.1.5-5.el5_9.x86_64.rpm
libbdevid-python-5.1.19.6-80.el5_9.x86_64.rpm
mkinitrd-5.1.19.6-80.el5_9.i386.rpm
mkinitrd-5.1.19.6-80.el5_9.x86_64.rpm
mkinitrd-devel-5.1.19.6-80.el5_9.i386.rpm
mkinitrd-devel-5.1.19.6-80.el5_9.x86_64.rpm
nash-5.1.19.6-80.el5_9.x86_64.rpm
rgmanager-2.0.52-37.el5_9.2.x86_64.rpm
Date: Tue, 28 May 2013 19:42:40 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: haproxy on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: haproxy security update
Advisory ID: SLSA-2013:0868-1
Issue Date: 2013-05-28
CVE Numbers: CVE-2013-1912
--

A buffer overflow flaw was found in the way HAProxy handled pipelined HTTP
requests. A remote attacker could send pipelined HTTP requests that would
cause HAProxy to crash or, potentially, execute arbitrary code with the
privileges of the user running HAProxy. This issue only affected systems
using all of the following combined configuration options: HTTP keep alive
enabled, HTTP keywords in TCP inspection rules, and request appending
rules. (CVE-2013-1912)
--

SL6
 x86_64
 haproxy-1.4.22-4.el6_4.x86_64.rpm
 haproxy-debuginfo-1.4.22-4.el6_4.x86_64.rpm
 i386
 haproxy-1.4.22-4.el6_4.i686.rpm
 haproxy-debuginfo-1.4.22-4.el6_4.i686.rpm

The following packages were added for dependency resolution
SL6
 x86_64
 setup-2.8.14-20.el6.noarch.rpm
 i386
 setup-2.8.14-20.el6.noarch.rpm

- Scientific Linux Development Team