
Ubuntu 16.04 LTS USN-7135-1 critical: HAProxy authentication bypass

HAProxy could allow unintended access to network services.
==========================================================================
Ubuntu Security Notice USN-7135-1
December 03, 2024

haproxy vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

HAProxy could allow unintended access to network services.

Software Description:
- haproxy: fast and reliable load balancing reverse proxy

Details:

Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg,
and Harvey Tuch discovered that HAProxy incorrectly handled empty header
names. A remote attacker could possibly use this issue to manipulate
headers and bypass certain authentication checks and restrictions.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
   haproxy                         1.6.3-1ubuntu0.3+esm2
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7135-1
   CVE-2023-25725


An issue with HAProxy on Ubuntu 16.04 LTS may enable unauthorized access to the network. Critical updates have been released.