Moderate: haproxy security update

2024-03-0500:00:00

errata.almalinux.org

haproxy

security update

network load balancer

tcp

http

content length headers

uri fragments

cve

cvss score

acknowledgments

references

unix

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

7.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.0%

JSON

The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications.

Security Fix(es):

haproxy: Proxy forwards malformed empty Content-Length headers (CVE-2023-40225)
haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers (CVE-2023-45539)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
almalinux9ppc64lehaproxy< 2.4.22-3.el9_3haproxy-2.4.22-3.el9_3.ppc64le.rpm
almalinux9aarch64haproxy< 2.4.22-3.el9_3haproxy-2.4.22-3.el9_3.aarch64.rpm
almalinux9x86_64haproxy< 2.4.22-3.el9_3haproxy-2.4.22-3.el9_3.x86_64.rpm
almalinux9s390xhaproxy< 2.4.22-3.el9_3haproxy-2.4.22-3.el9_3.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	9	ppc64le	haproxy	< 2.4.22-3.el9_3	haproxy-2.4.22-3.el9_3.ppc64le.rpm
almalinux	9	aarch64	haproxy	< 2.4.22-3.el9_3	haproxy-2.4.22-3.el9_3.aarch64.rpm
almalinux	9	x86_64	haproxy	< 2.4.22-3.el9_3	haproxy-2.4.22-3.el9_3.x86_64.rpm
almalinux	9	s390x	haproxy	< 2.4.22-3.el9_3	haproxy-2.4.22-3.el9_3.s390x.rpm