Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 443
Alerts This Week
Warning Icon 1 443

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 164 articles for you...
203

Mageia HAProxy Critical Buffer Overflow Denial of Service 2026-0250

Security update. Publication date: 14 Jul 2026 URL: https://advisories.mageia.org/MGASA-2026-0250.html Type: security Affected Mageia releases: 10, 9 CVE: CVE-2026-55203, CVE-2026-55204 Description: HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record consumption and allowing malicious FastCGI backends to desynchronize the FCGI framing parser, potentially causing request routing errors, response smuggling, or memory safety issues. (CVE-2026-55203) HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag() when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memory pressure to dereference a NULL pointer and crash HAProxy worker processes, causing denial of service. (CVE-2026-55204) References: - https://bugs.mageia.org/show_bug.cgi?id=35748 - https://www.cve.org/CVERecord?id=CVE-2026-55203 - https://www.cve.org/CVERecord?id=CVE-2026-55204 SRPMS: - 10/core/haproxy-3.4.2-1.2.mga10 - 9/core/haproxy-2.8.26-1.mga9 . Critical Mageia advisory for HAProxy fix addressing buffer overflow and null pointer dereference vulnerabilities.. Mageia HAProxy update integer overflow denial of service. . LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 Mageia
100

SUSE haproxy Important Integer Overflow Null Pointer Issues ID 2026-22544-1

An update that solves two vulnerabilities can now be installed.. # Security update for haproxy Announcement ID: SUSE-SU-2026:22544-1 Release Date: 2026-07-07T10:11:29Z Rating: important References: * bsc#1268557 * bsc#1268558 Cross-References: * CVE-2026-55203 * CVE-2026-55204 CVSS scores: * CVE-2026-55203 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-55203 ( NVD ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55203 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-55203 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N * CVE-2026-55204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55204 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for haproxy fixes the following issues * Update to version 3.2.21+git0.dbe43be37 * CVE-2026-55203: integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers (bsc#1268557). * CVE-2026-55204: null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c (bsc#1268558). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-1166=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) *haproxy-3.2.21+git0.dbe43be37-160000.1.1 * haproxy-debuginfo-3.2.21+git0.dbe43be37-160000.1.1 * haproxy-debugsource-3.2.21+git0.dbe43be37-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-55203.html * https://www.suse.com/security/cve/CVE-2026-55204.html * https://bugzilla.suse.com/show_bug.cgi?id=1268557 * https://bugzilla.suse.com/show_bug.cgi?id=1268558 . Important SUSE security update addresses two vulnerabilities in haproxy with integer overflow and null pointer dereference fixes.. SUSE security patch, haproxy vulnerabilities, software update SUSE. . LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 SuSE
100

SUSE haproxy Important Buffer Overflow Null Pointer Vuln 2026-22515-1

An update that solves two vulnerabilities can now be installed.. # Security update for haproxy Announcement ID: SUSE-SU-2026:22515-1 Release Date: 2026-07-03T12:51:57Z Rating: important References: * bsc#1268557 * bsc#1268558 Cross-References: * CVE-2026-55203 * CVE-2026-55204 CVSS scores: * CVE-2026-55203 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-55203 ( NVD ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55203 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-55203 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N * CVE-2026-55204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55204 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for haproxy fixes the following issues * CVE-2026-55203: integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers (bsc#1268557). * CVE-2026-55204: null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c (bsc#1268558). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-781=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * haproxy-debugsource-2.8.11+git0.01c1056a4-4.1 *haproxy-debuginfo-2.8.11+git0.01c1056a4-4.1 * haproxy-2.8.11+git0.01c1056a4-4.1 ## References: * https://www.suse.com/security/cve/CVE-2026-55203.html * https://www.suse.com/security/cve/CVE-2026-55204.html * https://bugzilla.suse.com/show_bug.cgi?id=1268557 * https://bugzilla.suse.com/show_bug.cgi?id=1268558 . An important security update for haproxy addresses two vulnerabilities, ensuring stability and protection for SUSE users.. SUSE security update, haproxy patch, important vulnerabilities. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 SuSE
202

openSUSE haproxy Important Buffer Misparse Null Pointer 2026-2651-1

An update that solves two vulnerabilities can now be installed.. # Security update for haproxy Announcement ID: SUSE-SU-2026:2651-1 Release Date: 2026-06-26T12:18:44Z Rating: important References: * bsc#1268557 * bsc#1268558 Cross-References: * CVE-2026-55203 * CVE-2026-55204 CVSS scores: * CVE-2026-55203 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-55203 ( NVD ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55203 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-55203 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N * CVE-2026-55204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55204 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for haproxy fixesthe following issues * CVE-2026-55203: integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers (bsc#1268557). * CVE-2026-55204: null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c (bsc#1268558). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-2651=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2651=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2651=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2026-2651=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-2651=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2651=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2651=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2651=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 *haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 ## References: * https://www.suse.com/security/cve/CVE-2026-55203.html * https://www.suse.com/security/cve/CVE-2026-55204.html * https://bugzilla.suse.com/show_bug.cgi?id=1268557 * https://bugzilla.suse.com/show_bug.cgi?id=1268558 . # Security update for haproxy Announcement ID: SUSE-SU-2026:2651-1 Release Date: 2026-06-26T12:18:44. update, solves, vulnerabilities, installed, security, haproxy, announ. . LinuxSecurity.com Team

Calendar%202 Jun 26, 2026 OpenSUSE
100

SUSE haproxy Important Integer Overflow Null Pointer 2026-2651-1

An update that solves two vulnerabilities can now be installed.. # Security update for haproxy Announcement ID: SUSE-SU-2026:2651-1 Release Date: 2026-06-26T12:18:44Z Rating: important References: * bsc#1268557 * bsc#1268558 Cross-References: * CVE-2026-55203 * CVE-2026-55204 CVSS scores: * CVE-2026-55203 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-55203 ( NVD ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55203 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-55203 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N * CVE-2026-55204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55204 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for haproxy fixesthe following issues * CVE-2026-55203: integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers (bsc#1268557). * CVE-2026-55204: null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c (bsc#1268558). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-2651=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2651=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2651=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2026-2651=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-2651=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2651=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2651=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2651=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 *haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 ## References: * https://www.suse.com/security/cve/CVE-2026-55203.html * https://www.suse.com/security/cve/CVE-2026-55204.html * https://bugzilla.suse.com/show_bug.cgi?id=1268557 * https://bugzilla.suse.com/show_bug.cgi?id=1268558 . Security update addresses two vulnerabilities in haproxy for SUSE distributions, offering essential patches for system safety.. SUSE haproxy vulnerabilities security patch update. . LinuxSecurity.com Team

Calendar%202 Jun 26, 2026 SuSE
202

openSUSE haproxy Important Buffer Overflow Null Pointer Attack 2026-2652-1

An update that solves two vulnerabilities can now be installed.. # Security update for haproxy Announcement ID: SUSE-SU-2026:2652-1 Release Date: 2026-06-26T12:21:07Z Rating: important References: * bsc#1268557 * bsc#1268558 Cross-References: * CVE-2026-55203 * CVE-2026-55204 CVSS scores: * CVE-2026-55203 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-55203 ( NVD ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55203 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-55203 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N * CVE-2026-55204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55204 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise High Availability Extension 15 SP6 * SUSE Linux Enterprise High Availability Extension 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for haproxy fixes the following issues * CVE-2026-55203: integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers (bsc#1268557). * CVE-2026-55204: null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c (bsc#1268558). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaSTonline_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-2652=1 * SUSE Linux Enterprise High Availability Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2026-2652=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2652=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le s390x x86_64) * haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-2.8.11+git0.01c1056a4-150600.3.15.1 * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-2.8.11+git0.01c1056a4-150600.3.15.1 * SUSE Linux Enterprise High Availability Extension 15 SP7 (aarch64 ppc64le s390x x86_64) * haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-2.8.11+git0.01c1056a4-150600.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2026-55203.html * https://www.suse.com/security/cve/CVE-2026-55204.html * https://bugzilla.suse.com/show_bug.cgi?id=1268557 * https://bugzilla.suse.com/show_bug.cgi?id=1268558 . A security update for openSUSE fixes critical issues in haproxy due to vulnerabilities. Immediate installation advised.. openSUSE security, haproxy vulnerabilities, SUSE update instruction, Linux patch management. . LinuxSecurity.com Team

Calendar%202 Jun 26, 2026 OpenSUSE
100

SUSE Haproxy Important Security Issues Modeled 2026-2652-1

An update that solves two vulnerabilities can now be installed.. # Security update for haproxy Announcement ID: SUSE-SU-2026:2652-1 Release Date: 2026-06-26T12:21:07Z Rating: important References: * bsc#1268557 * bsc#1268558 Cross-References: * CVE-2026-55203 * CVE-2026-55204 CVSS scores: * CVE-2026-55203 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-55203 ( NVD ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55203 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-55203 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N * CVE-2026-55204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55204 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise High Availability Extension 15 SP6 * SUSE Linux Enterprise High Availability Extension 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for haproxy fixes the following issues * CVE-2026-55203: integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers (bsc#1268557). * CVE-2026-55204: null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c (bsc#1268558). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaSTonline_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-2652=1 * SUSE Linux Enterprise High Availability Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2026-2652=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2652=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le s390x x86_64) * haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-2.8.11+git0.01c1056a4-150600.3.15.1 * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-2.8.11+git0.01c1056a4-150600.3.15.1 * SUSE Linux Enterprise High Availability Extension 15 SP7 (aarch64 ppc64le s390x x86_64) * haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-2.8.11+git0.01c1056a4-150600.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2026-55203.html * https://www.suse.com/security/cve/CVE-2026-55204.html * https://bugzilla.suse.com/show_bug.cgi?id=1268557 * https://bugzilla.suse.com/show_bug.cgi?id=1268558 . Haproxy update resolves two issues affecting multiple SUSE platforms. Ensure your system is secured from these vulnerabilities.. SUSE Updates, Haproxy Security, SUSE Vulnerabilities, Linux Security, System Patch Management. . LinuxSecurity.com Team

Calendar%202 Jun 26, 2026 SuSE
172

Ubuntu 26.04 LTS HAProxy Important Denial of Service USN-8459-1

Several security issues were fixed in HAProxy.. ========================================================================== Ubuntu Security Notice USN-8459-1 June 22, 2026 haproxy vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in HAProxy. Software Description: - haproxy: fast and reliable load balancing reverse proxy Details: It was discovered that HAProxy incorrectly handled the FCGI demultiplexer record length field. A remote attacker could possibly use this issue to cause incorrect request routing, response smuggling, or other memory safety issues. (CVE-2026-55203) It was discovered that HAProxy failed to validate the return value of the HPACK dynamic table defragmentation function when memory was exhausted. A remote attacker could possibly use this issue to cause HAProxy to crash, resulting in a denial of service. (CVE-2026-55204) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS haproxy 3.2.9-1ubuntu2.2 Ubuntu 25.10 haproxy 3.0.12-0ubuntu0.25.10.5 Ubuntu 24.04 LTS haproxy 2.8.16-0ubuntu0.24.04.3 Ubuntu 22.04 LTS haproxy 2.4.30-0ubuntu0.22.04.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8459-1 CVE-2026-55203, CVE-2026-55204 Package Information: https://launchpad.net/ubuntu/+source/haproxy/3.2.9-1ubuntu2.2 https://launchpad.net/ubuntu/+source/haproxy/3.0.12-0ubuntu0.25.10.5 https://launchpad.net/ubuntu/+source/haproxy/2.8.16-0ubuntu0.24.04.3 https://launchpad.net/ubuntu/+source/haproxy/2.4.30-0ubuntu0.22.04.2 . Several security issues fixed in HAProxy for Ubuntu with critical updates advisedfor all affected versions.. HAProxy Update, Ubuntu Security, Remote Attack, Denial of Service. . LinuxSecurity.com Team

Calendar%202 Jun 22, 2026 Ubuntu
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200