Ubuntu 16.04 LTS USN-7135-1 critical: HAProxy authentication bypass
ubuntu
December 3, 2024
HAProxy could allow unintended access to network services.
Summary
HAProxy could allow unintended access to network services.
Software Description:
- haproxy: fast and reliable load balancing reverse proxy
Details:
Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg,
and Harvey Tuch discovered that HAProxy incorrectly handled empty header
names. A remote attacker could possibly use this issue to manipulate
headers and bypass certain authentication checks and restrictions.
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS haproxy 1.6.3-1ubuntu0.3+esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-7135-1
CVE-2023-25725
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-7135-1
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!