Stay Secure with the Latest Linux Advisories

security advisorybuffer overflowFedora

Fedora 31: FEDORA-2020-13fd8b1721 Critical: haproxy Buffer Overflow Exploit

Security fix for CVE-2020-11100. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-13fd8b1721 2020-04-28 02:55:39.874660 --------------------------------------------------------------------------------Name : haproxy Product : Fedora 31 Version : 2.0.14 Release : 1.fc31 URL : http://www.haproxy.org/ Summary : HAProxy reverse proxy for high availability environments Description : HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to backup servers in the event a main one fails - accept connections to special ports dedicated to service monitoring - stop accepting connections without breaking existing ones - add, modify, and delete HTTP headers in both directions - block requests matching particular patterns - report detailed status to authenticated users from a URI intercepted from the application --------------------------------------------------------------------------------Update Information: Security fix for CVE-2020-11100 --------------------------------------------------------------------------------ChangeLog: * Thu Apr 2 2020 Ryan O'Hara - 2.0.12-2 - Update to 2.0.14 (CVE-2020-11100, #1820185) --------------------------------------------------------------------------------References: [ 1 ] Bug #1819111 - CVE-2020-11100 haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes https://bugzilla.redhat.com/show_bug.cgi?id=1819111 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-13fd8b1721' at the command line. For more information, refer to the dnf documentationavailable at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Fedora 32 release for nginx: essential patch for buffer overflow vulnerabilities resolved in CVE-2020-12345.. Fedora haproxy security patch, HAProxy update, Linux security advisory. . Severity: Critical. LinuxSecurity.com Team

Apr 27, 2020 •Critical Fedora