Alerts This Week
Warning Icon 1 700
Alerts This Week
Warning Icon 1 700

Ubuntu 19.10: 4174-1 Critical Issue with HAproxy Access Detected

Calendar Nov 05, 2019 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory privilege escalation access issue ubuntu http request haproxy
HAproxy would allow unintended access if ii received specially crafted HTTP request. 
=========================================================================Ubuntu Security Notice USN-4174-1
November 05, 2019

haproxy vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.10
- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

HAproxy would allow unintended access if ii received specially crafted
HTTP request.

Software Description:
- haproxy: fast and reliable load balancing reverse proxy

Details:

It was discovered that HAproxy incorrectly handled certain HTTP requests.
An attacker could possibly use this issue to a privilege escalation
(Request Smuggling).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  haproxy                         2.0.5-1ubuntu0.2

Ubuntu 19.04:
  haproxy                         1.8.19-1ubuntu1.2

Ubuntu 18.04 LTS:
  haproxy                         1.8.8-1ubuntu0.7

Ubuntu 16.04 LTS:
  haproxy                         1.6.3-1ubuntu0.3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4174-1
  CVE-2019-18277

Package Information:
  https://launchpad.net/ubuntu/+source/haproxy/2.0.5-1ubuntu0.2
  https://launchpad.net/ubuntu/+source/haproxy/1.8.19-1ubuntu1.2
  https://launchpad.net/ubuntu/+source/haproxy/1.8.8-1ubuntu0.7
  https://launchpad.net/ubuntu/+source/haproxy/1.6.3-1ubuntu0.3

Ubuntu 19.10: 4174-1 Critical Issue with HAproxy Access Detected

ubuntu
Calendar Grey November 5, 2019
Dist Ubuntu Esm H88
A security flaw in HAproxy permits unauthorized entry through specially formed HTTP requests, impacting several editions of Ubuntu. Discover additional details here.
HAproxy would allow unintended access if ii received specially crafted HTTP request.

Summary

Topics%20covered

Topics Covered

security advisory privilege escalation access issue ubuntu http request haproxy

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10: haproxy 2.0.5-1ubuntu0.2 Ubuntu 19.04: haproxy 1.8.19-1ubuntu1.2 Ubuntu 18.04 LTS: haproxy 1.8.8-1ubuntu0.7 Ubuntu 16.04 LTS: haproxy 1.6.3-1ubuntu0.3 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4174-1

CVE-2019-18277

Severity
critical
Lowest
Low
Medium
High
Critical

November 05, 2019

Topics%20covered

Topics Covered

security advisory privilege escalation access issue ubuntu http request haproxy

Package Information

https://launchpad.net/ubuntu/+source/haproxy/2.0.5-1ubuntu0.2 https://launchpad.net/ubuntu/+source/haproxy/1.8.19-1ubuntu1.2 https://launchpad.net/ubuntu/+source/haproxy/1.8.8-1ubuntu0.7 https://launchpad.net/ubuntu/+source/haproxy/1.6.3-1ubuntu0.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here