Explore top 10 tips to secure your open-source projects now. Read More
×
This update for haproxy to version 1.8.14 fixes the following issues: These security issues were fixed: - CVE-2018-14645: A flaw was discovered in the HPACK decoder what caused an out-of-bounds read in hpack_valid_idx() that resulted in a remote crash and denial of service (bsc#1108683) - CVE-2018-11469: Incorrect caching of responses to requests including an Authorization header allowed attackers to achieve information disclosure via an unauthenticated remote request (bsc#1094846). These non-security issues were fixed: - Require apparmor-abstractions to reduce dependencies (bsc#1100787) - hpack: fix improper sign check on the header index value - cli: make sure the "getsock" command is only called on connections - tools: fix set_net_port() / set_host_port() on IPv4
#1094846 #1100787 #1108683
Cross- CVE-2018-11469 CVE-2018-14645
Affected Products:
SUSE Linux Enterprise High Availability 15
https://www.suse.com/security/cve/CVE-2018-11469.html
https://www.suse.com/security/cve/CVE-2018-14645.html
https://bugzilla.suse.com/1094846
https://bugzilla.suse.com/1100787
https://bugzilla.suse.com/1108683
Get the latest Linux and open source security news straight to your inbox.