Explore top 10 tips to secure your open-source projects now. Read More
×Security update. Publication date: 14 Jul 2026 URL: https://advisories.mageia.org/MGASA-2026-0250.html Type: security Affected Mageia releases: 10, 9 CVE: CVE-2026-55203, CVE-2026-55204 Description: HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record consumption and allowing malicious FastCGI backends to desynchronize the FCGI framing parser, potentially causing request routing errors, response smuggling, or memory safety issues. (CVE-2026-55203) HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag() when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memory pressure to dereference a NULL pointer and crash HAProxy worker processes, causing denial of service. (CVE-2026-55204) References: - https://bugs.mageia.org/show_bug.cgi?id=35748 - https://www.cve.org/CVERecord?id=CVE-2026-55203 - https://www.cve.org/CVERecord?id=CVE-2026-55204 SRPMS: - 10/core/haproxy-3.4.2-1.2.mga10 - 9/core/haproxy-2.8.26-1.mga9 . Critical Mageia advisory for HAProxy fix addressing buffer overflow and null pointer dereference vulnerabilities.. Mageia HAProxy update integer overflow denial of service. . LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for haproxy Announcement ID: SUSE-SU-2026:22544-1 Release Date: 2026-07-07T10:11:29Z Rating: important References: * bsc#1268557 * bsc#1268558 Cross-References: * CVE-2026-55203 * CVE-2026-55204 CVSS scores: * CVE-2026-55203 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-55203 ( NVD ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55203 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-55203 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N * CVE-2026-55204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55204 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for haproxy fixes the following issues * Update to version 3.2.21+git0.dbe43be37 * CVE-2026-55203: integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers (bsc#1268557). * CVE-2026-55204: null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c (bsc#1268558). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-1166=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) *haproxy-3.2.21+git0.dbe43be37-160000.1.1 * haproxy-debuginfo-3.2.21+git0.dbe43be37-160000.1.1 * haproxy-debugsource-3.2.21+git0.dbe43be37-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-55203.html * https://www.suse.com/security/cve/CVE-2026-55204.html * https://bugzilla.suse.com/show_bug.cgi?id=1268557 * https://bugzilla.suse.com/show_bug.cgi?id=1268558 . Important SUSE security update addresses two vulnerabilities in haproxy with integer overflow and null pointer dereference fixes.. SUSE security patch, haproxy vulnerabilities, software update SUSE. . LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for haproxy Announcement ID: SUSE-SU-2026:22515-1 Release Date: 2026-07-03T12:51:57Z Rating: important References: * bsc#1268557 * bsc#1268558 Cross-References: * CVE-2026-55203 * CVE-2026-55204 CVSS scores: * CVE-2026-55203 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-55203 ( NVD ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55203 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-55203 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N * CVE-2026-55204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55204 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for haproxy fixes the following issues * CVE-2026-55203: integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers (bsc#1268557). * CVE-2026-55204: null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c (bsc#1268558). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-781=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * haproxy-debugsource-2.8.11+git0.01c1056a4-4.1 *haproxy-debuginfo-2.8.11+git0.01c1056a4-4.1 * haproxy-2.8.11+git0.01c1056a4-4.1 ## References: * https://www.suse.com/security/cve/CVE-2026-55203.html * https://www.suse.com/security/cve/CVE-2026-55204.html * https://bugzilla.suse.com/show_bug.cgi?id=1268557 * https://bugzilla.suse.com/show_bug.cgi?id=1268558 . An important security update for haproxy addresses two vulnerabilities, ensuring stability and protection for SUSE users.. SUSE security update, haproxy patch, important vulnerabilities. . LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for haproxy Announcement ID: SUSE-SU-2026:2651-1 Release Date: 2026-06-26T12:18:44Z Rating: important References: * bsc#1268557 * bsc#1268558 Cross-References: * CVE-2026-55203 * CVE-2026-55204 CVSS scores: * CVE-2026-55203 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-55203 ( NVD ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55203 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-55203 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N * CVE-2026-55204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55204 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for haproxy fixesthe following issues * CVE-2026-55203: integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers (bsc#1268557). * CVE-2026-55204: null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c (bsc#1268558). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-2651=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2651=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2651=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2026-2651=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-2651=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2651=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2651=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2651=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 *haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 ## References: * https://www.suse.com/security/cve/CVE-2026-55203.html * https://www.suse.com/security/cve/CVE-2026-55204.html * https://bugzilla.suse.com/show_bug.cgi?id=1268557 * https://bugzilla.suse.com/show_bug.cgi?id=1268558 . # Security update for haproxy Announcement ID: SUSE-SU-2026:2651-1 Release Date: 2026-06-26T12:18:44. update, solves, vulnerabilities, installed, security, haproxy, announ. . LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for haproxy Announcement ID: SUSE-SU-2026:2651-1 Release Date: 2026-06-26T12:18:44Z Rating: important References: * bsc#1268557 * bsc#1268558 Cross-References: * CVE-2026-55203 * CVE-2026-55204 CVSS scores: * CVE-2026-55203 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-55203 ( NVD ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55203 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-55203 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N * CVE-2026-55204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55204 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for haproxy fixesthe following issues * CVE-2026-55203: integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers (bsc#1268557). * CVE-2026-55204: null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c (bsc#1268558). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-2651=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2651=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2651=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2026-2651=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-2651=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2651=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2651=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2651=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 *haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * haproxy-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.28.1 * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.28.1 ## References: * https://www.suse.com/security/cve/CVE-2026-55203.html * https://www.suse.com/security/cve/CVE-2026-55204.html * https://bugzilla.suse.com/show_bug.cgi?id=1268557 * https://bugzilla.suse.com/show_bug.cgi?id=1268558 . Security update addresses two vulnerabilities in haproxy for SUSE distributions, offering essential patches for system safety.. SUSE haproxy vulnerabilities security patch update. . LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for haproxy Announcement ID: SUSE-SU-2026:2652-1 Release Date: 2026-06-26T12:21:07Z Rating: important References: * bsc#1268557 * bsc#1268558 Cross-References: * CVE-2026-55203 * CVE-2026-55204 CVSS scores: * CVE-2026-55203 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-55203 ( NVD ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55203 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-55203 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N * CVE-2026-55204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55204 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise High Availability Extension 15 SP6 * SUSE Linux Enterprise High Availability Extension 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for haproxy fixes the following issues * CVE-2026-55203: integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers (bsc#1268557). * CVE-2026-55204: null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c (bsc#1268558). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaSTonline_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-2652=1 * SUSE Linux Enterprise High Availability Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2026-2652=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2652=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le s390x x86_64) * haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-2.8.11+git0.01c1056a4-150600.3.15.1 * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-2.8.11+git0.01c1056a4-150600.3.15.1 * SUSE Linux Enterprise High Availability Extension 15 SP7 (aarch64 ppc64le s390x x86_64) * haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-2.8.11+git0.01c1056a4-150600.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2026-55203.html * https://www.suse.com/security/cve/CVE-2026-55204.html * https://bugzilla.suse.com/show_bug.cgi?id=1268557 * https://bugzilla.suse.com/show_bug.cgi?id=1268558 . A security update for openSUSE fixes critical issues in haproxy due to vulnerabilities. Immediate installation advised.. openSUSE security, haproxy vulnerabilities, SUSE update instruction, Linux patch management. . LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for haproxy Announcement ID: SUSE-SU-2026:2652-1 Release Date: 2026-06-26T12:21:07Z Rating: important References: * bsc#1268557 * bsc#1268558 Cross-References: * CVE-2026-55203 * CVE-2026-55204 CVSS scores: * CVE-2026-55203 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-55203 ( NVD ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55203 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-55203 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N * CVE-2026-55204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55204 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-55204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise High Availability Extension 15 SP6 * SUSE Linux Enterprise High Availability Extension 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for haproxy fixes the following issues * CVE-2026-55203: integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers (bsc#1268557). * CVE-2026-55204: null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c (bsc#1268558). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaSTonline_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-2652=1 * SUSE Linux Enterprise High Availability Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2026-2652=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2652=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le s390x x86_64) * haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-2.8.11+git0.01c1056a4-150600.3.15.1 * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-2.8.11+git0.01c1056a4-150600.3.15.1 * SUSE Linux Enterprise High Availability Extension 15 SP7 (aarch64 ppc64le s390x x86_64) * haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.15.1 * haproxy-2.8.11+git0.01c1056a4-150600.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2026-55203.html * https://www.suse.com/security/cve/CVE-2026-55204.html * https://bugzilla.suse.com/show_bug.cgi?id=1268557 * https://bugzilla.suse.com/show_bug.cgi?id=1268558 . Haproxy update resolves two issues affecting multiple SUSE platforms. Ensure your system is secured from these vulnerabilities.. SUSE Updates, Haproxy Security, SUSE Vulnerabilities, Linux Security, System Patch Management. . LinuxSecurity.com Team
Several security issues were fixed in HAProxy.. ========================================================================== Ubuntu Security Notice USN-8459-1 June 22, 2026 haproxy vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in HAProxy. Software Description: - haproxy: fast and reliable load balancing reverse proxy Details: It was discovered that HAProxy incorrectly handled the FCGI demultiplexer record length field. A remote attacker could possibly use this issue to cause incorrect request routing, response smuggling, or other memory safety issues. (CVE-2026-55203) It was discovered that HAProxy failed to validate the return value of the HPACK dynamic table defragmentation function when memory was exhausted. A remote attacker could possibly use this issue to cause HAProxy to crash, resulting in a denial of service. (CVE-2026-55204) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS haproxy 3.2.9-1ubuntu2.2 Ubuntu 25.10 haproxy 3.0.12-0ubuntu0.25.10.5 Ubuntu 24.04 LTS haproxy 2.8.16-0ubuntu0.24.04.3 Ubuntu 22.04 LTS haproxy 2.4.30-0ubuntu0.22.04.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8459-1 CVE-2026-55203, CVE-2026-55204 Package Information: https://launchpad.net/ubuntu/+source/haproxy/3.2.9-1ubuntu2.2 https://launchpad.net/ubuntu/+source/haproxy/3.0.12-0ubuntu0.25.10.5 https://launchpad.net/ubuntu/+source/haproxy/2.8.16-0ubuntu0.24.04.3 https://launchpad.net/ubuntu/+source/haproxy/2.4.30-0ubuntu0.22.04.2 . Several security issues fixed in HAProxy for Ubuntu with critical updates advisedfor all affected versions.. HAProxy Update, Ubuntu Security, Remote Attack, Denial of Service. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.