Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu 21.04 and 20.04 LTS: USN-5063-1 Critical HAProxy Risks

ubuntu
Calendar Grey September 8, 2021
Dist Ubuntu Esm H88
Ubuntu versions 21.04 and 20.04 LTS are vulnerable due to HAProxy issues that could lead to confidential data leaks. Apply updates immediately!
HAProxy could be made to expose sensitive information over the network.

Summary

HAProxy could be made to expose sensitive information over the network.

Software Description:

- haproxy: fast and reliable load balancing reverse proxy

Details:

Ori Hollander discovered that HAProxy incorrectly handled HTTP header name

length encoding. A remote attacker could possibly use this issue to inject

a duplicate content-length header and perform request smuggling attacks.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  haproxy                         2.2.9-1ubuntu0.2

Ubuntu 20.04 LTS:
  haproxy                         2.0.13-2ubuntu0.3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5063-1

CVE-2021-40346

Severity
critical
Lowest
Low
Medium
High
Critical

September 08, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.