ID: CVE-2018-14645
Type: cve
Reporter: cve@mitre.org
Modified: 2019-07-23T08:15:00
Description
A flaw was discovered in the HPACK decoder, used for HTTP/2, of HAProxy before 1.8.14. An out-of-bounds read in hpack_valid_idx() resulted in a remote crash and denial of service.
{"openvas": [{"lastseen": "2019-05-29T18:33:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-14645"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310843776", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843776", "type": "openvas", "title": "Ubuntu Update for haproxy USN-3780-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3780_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for haproxy USN-3780-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843776\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-14645\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:18:16 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for haproxy USN-3780-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3780-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3780-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'haproxy'\n package(s) announced via the USN-3780-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that HAProxy incorrectly handled certain requests.\nAn attacker could possibly use this issue to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"haproxy on Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"haproxy\", ver:\"1.8.8-1ubuntu0.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-14645"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-10-04T00:00:00", "id": "OPENVAS:1361412562310875136", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875136", "type": "openvas", "title": "Fedora Update for haproxy FEDORA-2018-381ab64b59", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_381ab64b59_haproxy_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for haproxy FEDORA-2018-381ab64b59\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875136\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-04 08:53:47 +0200 (Thu, 04 Oct 2018)\");\n script_cve_id(\"CVE-2018-14645\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for haproxy FEDORA-2018-381ab64b59\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'haproxy'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"haproxy on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-381ab64b59\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GCJIM6HOYUJTVXJCADDZV5EDO7SL42A\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"haproxy\", rpm:\"haproxy~1.8.14~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-31T17:38:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11469", "CVE-2018-14645"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310852063", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852063", "type": "openvas", "title": "openSUSE: Security Advisory for haproxy (openSUSE-SU-2018:3324-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852063\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-11469\", \"CVE-2018-14645\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:40:34 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for haproxy (openSUSE-SU-2018:3324-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3324-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00050.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'haproxy'\n package(s) announced via the openSUSE-SU-2018:3324-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for haproxy to version 1.8.14 fixes the following issues:\n\n These security issues were fixed:\n\n - CVE-2018-14645: A flaw was discovered in the HPACK decoder what caused an\n out-of-bounds read in hpack_valid_idx() that resulted in a remote crash\n and denial of service (bsc#1108683)\n\n - CVE-2018-11469: Incorrect 
caching of responses to requests including an\n Authorization header allowed attackers to achieve information disclosure\n via an unauthenticated remote request (bsc#1094846).\n\n These non-security issues were fixed:\n\n - Require apparmor-abstractions to reduce dependencies (bsc#1100787)\n\n - hpack: fix improper sign check on the header index value\n\n - cli: make sure the 'getsock' command is only called on connections\n\n - tools: fix set_net_port() / set_host_port() on IPv4\n\n - patterns: fix possible double free when reloading a pattern list\n\n - server: Crash when setting FQDN via CLI.\n\n - kqueue: Don't reset the changes number by accident.\n\n - snapshot: take the proxy's lock while dumping errors\n\n - http/threads: atomically increment the error snapshot ID\n\n - dns: check and link servers' resolvers right after config parsing\n\n - h2: fix risk of memory leak on malformated wrapped frames\n\n - session: fix reporting of handshake processing time in the logs\n\n - stream: use atomic increments for the request counter\n\n - thread: implement HA_ATOMIC_XADD()\n\n - ECC cert should work with TLS v1.2 and openssl = 1.1.1\n\n - dns/server: fix incomatibility between SRV resolution and server state\n file\n\n - hlua: Don't call RESET_SAFE_LJMP if SET_SAFE_LJMP returns 0.\n\n - thread: lua: Wrong SSL context initialization.\n\n - hlua: Make sure we drain the output buffer when done.\n\n - lua: reset lua transaction between http requests\n\n - mux_pt: dereference the connection with care in mux_pt_wake()\n\n - lua: Bad HTTP client request duration.\n\n - unix: provide a - drain() function\n\n - Fix spelling error in configuration doc\n\n - cli/threads: protect some server commands against concurrent operations\n\n - cli/threads: protect all 'proxy' commands against concurrent updates\n\n - lua: socket timeouts are not applied\n\n - ssl: Use consistent naming for TLS protocols\n\n - dns: explain set server ... 
fqdn requires resolver\n\n - map: fix map_regm with backref\n\n - ssl: loading dh param from certifile causes unpredictable error.\n\n - ssl: fix missing error loading a keytype cert from a bundle.\n\n - ssl: empty connections reported as errors.\n\n - cli: make 'show fd' thread-safe\n\n - hathreads: implement a more flexible rendez-vous point\n\n - threads: fix the no-thread case after the change to the sync point\n ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"haproxy on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"haproxy\", rpm:\"haproxy~1.8.14~git0.52e4d43b~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"haproxy-debuginfo\", rpm:\"haproxy-debuginfo~1.8.14~git0.52e4d43b~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"haproxy-debugsource\", rpm:\"haproxy-debugsource~1.8.14~git0.52e4d43b~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-14645"], "description": "HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. 
Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to backup servers in the event a main one fails - accept connections to special ports dedicated to service monitoring - stop accepting connections without breaking existing ones - add, modify, and delete HTTP headers in both directions - block requests matching particular patterns - report detailed status to authenticated users from a URI intercepted from the application ", "modified": "2018-10-02T19:35:20", "published": "2018-10-02T19:35:20", "id": "FEDORA:0F35C60129DF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: haproxy-1.8.14-1.fc29", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-14645"], "description": "HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. 
Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to backup servers in the event a main one fails - accept connections to special ports dedicated to service monitoring - stop accepting connections without breaking existing ones - add, modify, and delete HTTP headers in both directions - block requests matching particular patterns - report detailed status to authenticated users from a URI intercepted from the application ", "modified": "2018-10-03T15:25:08", "published": "2018-10-03T15:25:08", "id": "FEDORA:691DD6474133", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: haproxy-1.8.14-1.fc28", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-07T10:16:52", "description": "Update to 1.8.14, which includes fix for CVE-2018-14645.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 11, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-01-03T00:00:00", "title": "Fedora 28 : haproxy (2018-381ab64b59)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-14645"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:haproxy", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-381AB64B59.NASL", "href": "https://www.tenable.com/plugins/nessus/120351", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-381ab64b59.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120351);\n 
script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-14645\");\n script_xref(name:\"FEDORA\", value:\"2018-381ab64b59\");\n\n script_name(english:\"Fedora 28 : haproxy (2018-381ab64b59)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.8.14, which includes fix for CVE-2018-14645.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-381ab64b59\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected haproxy package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:haproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"haproxy-1.8.14-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"haproxy\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:15:55", "description": "Update to 1.8.14, which includes fix for CVE-2018-14645.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly 
from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 11, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-01-03T00:00:00", "title": "Fedora 29 : haproxy (2018-0b038c7047)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-14645"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:haproxy", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2018-0B038C7047.NASL", "href": "https://www.tenable.com/plugins/nessus/120225", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-0b038c7047.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120225);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-14645\");\n script_xref(name:\"FEDORA\", value:\"2018-0b038c7047\");\n\n script_name(english:\"Fedora 29 : haproxy (2018-0b038c7047)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.8.14, which includes fix for CVE-2018-14645.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-0b038c7047\"\n );\n script_set_attribute(\n attribute:\"solution\", \n 
value:\"Update the affected haproxy package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:haproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"haproxy-1.8.14-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"haproxy\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-03-01T07:37:18", "description": "It was discovered that HAProxy incorrectly handled certain requests.\nAn attacker could possibly use this issue to cause a denial of\nservice.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-10-03T00:00:00", "title": "Ubuntu 18.04 LTS : haproxy vulnerability (USN-3780-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-14645"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:haproxy", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3780-1.NASL", "href": "https://www.tenable.com/plugins/nessus/117904", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3780-1. The text \n# itself is copyright (C) Canonical, Inc. 
See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117904);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/18 12:31:48\");\n\n script_cve_id(\"CVE-2018-14645\");\n script_xref(name:\"USN\", value:\"3780-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : haproxy vulnerability (USN-3780-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that HAProxy incorrectly handled certain requests.\nAn attacker could possibly use this issue to cause a denial of\nservice.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3780-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected haproxy package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:haproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/03\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"haproxy\", pkgver:\"1.8.8-1ubuntu0.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"haproxy\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-14T17:51:51", "description": "Red Hat OpenShift Container Platform release 3.10.66 is now available\nwith updates to packages and images that fix several security, bug,\nand add enhancements.\n\nRed Hat Product Security has rated this update as having a security\nimpact of 
Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or\nprivate cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift\nContainer Platform 3.10.66. See the following advisory for the\ncontainer images for this release :\n\nhttps://access.redhat.com/errata/RHBA-2018:2824\n\nSecurity Fix(es) :\n\n* atomic-openshift: oc patch with json causes masterapi service crash\n(CVE-2018-14632)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nRed Hat would like to thank Lars Haugan for reporting this issue.\n\nAll OpenShift Container Platform 3.10 users are advised to upgrade to\nthese updated packages and images.\n\nBug Fix(es) :\n\n* During etcd scaleup, facts about the etcd cluster are required to\nadd new hosts. This bug fix adds the necessary tasks to ensure those\nfacts get set before configuring new hosts, and therefore, allow the\nscaleup to complete as expected. (BZ#1578482)\n\n* Previously, sync pod was not available when the Prometheus install\nchecked for available nodes. As a consequence, if a custom label was\nused for the Prometheus install to select an appropriate node, the\nsync pods must have already applied the label to the nodes. Otherwise,\nthe Prometheus installer would not find any nodes with a matching\nlabel. This bug fix adds a check to the install process to wait for\nsync pods to become available before continuing. As a result, the node\nlabeling process will complete, and the nodes will have the correct\nlabels for the Prometheus pod to be scheduled. 
(BZ#1609019)\n\n* This bug fix corrects an issue where a pod is stuck terminating due\nto I/O errors on a FlexVolume mounted on the XFS file system.\n(BZ#1626054)\n\n* Previously, fluentd generated events internally with the\n`OneEventStream` class. This class does not have the `empty?` method.\nThe Kubernetes metadata filter used the `empty?` method on the\n`EventStream` object to avoid processing an empty stream. Fluentd\nissued error messages about the missing `empty?` method, which\noverwhelmed container logging and caused disk issues. This bug fix\nchanged the Kubernetes metadata filter only to call the `empty?`\nmethod on objects that have this method. As a result, fluentd logs do\nnot contain this message. (BZ#1626552)\n\n* RubyGems FFI 1.9.25 reverted a patch which allowed it to work on\nsystems with `SELinux deny_execmem=1`. This reversion caused fluentd\nto crash. This bug reverts the patch reversion. As a result, fluentd\ndoes not crash when using `SELinux deny_execmem=1`. (BZ#1628405)\n\n* This bug fix updates the *_redeploy-openshift-ca.yml_* playbook to\nreference the correct node client certificate file,\n`node/client-ca.crt`. (BZ#1628546)\n\n* The fix for BZ1628371 introduced a poorly built shared library with\na missing symbol. This missing symbol caused fluentd to crash with an\n'undefined symbol: rbffi_Closure_Alloc' error message. This bug fix\nrebuilds the shared library with the correct symbols. As a result,\nfluentd does not crash. (BZ#1628798)\n\n* Previously, when using Docker with the journald log driver, all\ncontainer logs, including system and plain Docker container logs, were\nlogged to the journal, and read by fluentd. 
Fluentd did not know how\nto handle these non-Kubernetes container logs and threw exceptions.\nThis bug fix treats non-Kubernetes container logs as logs from other\nsystem services, for example, sending them to the .operations.* index.\nAs a result, logs from non-Kubernetes containers are indexed correctly\nand do not cause any errors. (BZ#1632361)", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-12-04T00:00:00", "title": "RHEL 7 : Red Hat OpenShift Container Platform 3.10 (RHSA-2018:2709)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-14632", "CVE-2018-14645"], "modified": "2018-12-04T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests", "p-cpe:/a:redhat:enterprise_linux:openshift-monitor-project-lifecycle", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-dockerregistry", "p-cpe:/a:redhat:enterprise_linux:python-setuptools", "p-cpe:/a:redhat:enterprise_linux:image-inspector", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder", "p-cpe:/a:redhat:enterprise_linux:perl-IO-String", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-web-console", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hypershift", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible-roles", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node-problem-detector", "p-cpe:/a:redhat:enterprise_linux:python-py", "p-cpe:/a:redhat:enterprise_linux:haproxy-debuginfo", "p-cpe:/a:redhat:enterprise_linux:haproxy18", "p-cpe:/a:redhat:enterprise_linux:rubygem-ffi-debuginfo", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-descheduler", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible-docs", "cpe:/o:redhat:enterprise_linux:7", 
"p-cpe:/a:redhat:enterprise_linux:atomic-enterprise-service-catalog", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder", "p-cpe:/a:redhat:enterprise_linux:prometheus-node-exporter", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible", "p-cpe:/a:redhat:enterprise_linux:rubygem-ffi", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible-playbooks", "p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-cluster-capacity", "p-cpe:/a:redhat:enterprise_linux:atomic-enterprise-service-catalog-svcat", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hyperkube", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients"], "id": "REDHAT-RHSA-2018-2709.NASL", "href": "https://www.tenable.com/plugins/nessus/119405", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:2709. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119405);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/11\");\n\n script_cve_id(\"CVE-2018-14632\", \"CVE-2018-14645\");\n script_xref(name:\"RHSA\", value:\"2018:2709\");\n\n script_name(english:\"RHEL 7 : Red Hat OpenShift Container Platform 3.10 (RHSA-2018:2709)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Red Hat OpenShift Container Platform release 3.10.66 is now available\nwith updates to packages and images that fix several security, bug,\nand add enhancements.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or\nprivate cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift\nContainer Platform 3.10.66. 
See the following advisory for the\ncontainer images for this release :\n\nhttps://access.redhat.com/errata/RHBA-2018:2824\n\nSecurity Fix(es) :\n\n* atomic-openshift: oc patch with json causes masterapi service crash\n(CVE-2018-14632)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nRed Hat would like to thank Lars Haugan for reporting this issue.\n\nAll OpenShift Container Platform 3.10 users are advised to upgrade to\nthese updated packages and images.\n\nBug Fix(es) :\n\n* During etcd scaleup, facts about the etcd cluster are required to\nadd new hosts. This bug fix adds the necessary tasks to ensure those\nfacts get set before configuring new hosts, and therefore, allow the\nscaleup to complete as expected. (BZ#1578482)\n\n* Previously, sync pod was not available when the Prometheus install\nchecked for available nodes. As a consequence, if a custom label was\nused for the Prometheus install to select an appropriate node, the\nsync pods must have already applied the label to the nodes. Otherwise,\nthe Prometheus installer would not find any nodes with a matching\nlabel. This bug fix adds a check to the install process to wait for\nsync pods to become available before continuing. As a result, the node\nlabeling process will complete, and the nodes will have the correct\nlabels for the Prometheus pod to be scheduled. (BZ#1609019)\n\n* This bug fix corrects an issue where a pod is stuck terminating due\nto I/O errors on a FlexVolume mounted on the XFS file system.\n(BZ#1626054)\n\n* Previously, fluentd generated events internally with the\n`OneEventStream` class. This class does not have the `empty?` method.\nThe Kubernetes metadata filter used the `empty?` method on the\n`EventStream` object to avoid processing an empty stream. 
Fluentd\nissued error messages about the missing `empty?` method, which\noverwhelmed container logging and caused disk issues. This bug fix\nchanged the Kubernetes metadata filter only to call the `empty?`\nmethod on objects that have this method. As a result, fluentd logs do\nnot contain this message. (BZ#1626552)\n\n* RubyGems FFI 1.9.25 reverted a patch which allowed it to work on\nsystems with `SELinux deny_execmem=1`. This reversion caused fluentd\nto crash. This bug reverts the patch reversion. As a result, fluentd\ndoes not crash when using `SELinux deny_execmem=1`. (BZ#1628405)\n\n* This bug fix updates the *_redeploy-openshift-ca.yml_* playbook to\nreference the correct node client certificate file,\n`node/client-ca.crt`. (BZ#1628546)\n\n* The fix for BZ1628371 introduced a poorly built shared library with\na missing symbol. This missing symbol caused fluentd to crash with an\n'undefined symbol: rbffi_Closure_Alloc' error message. This bug fix\nrebuilds the shared library with the correct symbols. As a result,\nfluentd does not crash. (BZ#1628798)\n\n* Previously, when using Docker with the journald log driver, all\ncontainer logs, including system and plain Docker container logs, were\nlogged to the journal, and read by fluentd. Fluentd did not know how\nto handle these non-Kubernetes container logs and threw exceptions.\nThis bug fix treats non-Kubernetes container logs as logs from other\nsystem services, for example, sending them to the .operations.* index.\nAs a result, logs from non-Kubernetes containers are indexed correctly\nand do not cause any errors. 
(BZ#1632361)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:2709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-14632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-14645\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14645\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-enterprise-service-catalog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-enterprise-service-catalog-svcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-descheduler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-dockerregistry\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hypershift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node-problem-detector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-web-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:haproxy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:haproxy18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:image-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-playbooks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-roles\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-cluster-capacity\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-monitor-project-lifecycle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-IO-String\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:prometheus-node-exporter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-py\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-setuptools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-ffi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-ffi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:2709\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL7\", rpm:\"atomic-openshift-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenShift\");\n\n if (rpm_exists(rpm:\"atomic-enterprise-service-catalog-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-enterprise-service-catalog-3.10.66-1.git.1450.b758bdb.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-enterprise-service-catalog-svcat-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-enterprise-service-catalog-svcat-3.10.66-1.git.1450.b758bdb.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-3.10.66-1.git.0.91d1e89.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-3.10.66-1.git.0.91d1e89.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-redistributable-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-redistributable-3.10.66-1.git.0.91d1e89.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-descheduler-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-descheduler-3.10.66-1.git.299.e466391.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-docker-excluder-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"atomic-openshift-docker-excluder-3.10.66-1.git.0.91d1e89.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-dockerregistry-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-dockerregistry-3.10.66-1.git.390.77310f8.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-excluder-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"atomic-openshift-excluder-3.10.66-1.git.0.91d1e89.el7\")) flag++;\n if 
(rpm_exists(rpm:\"atomic-openshift-hyperkube-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-hyperkube-3.10.66-1.git.0.91d1e89.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-hypershift-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-hypershift-3.10.66-1.git.0.91d1e89.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-master-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-master-3.10.66-1.git.0.91d1e89.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-node-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-node-3.10.66-1.git.0.91d1e89.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-node-problem-detector-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-node-problem-detector-3.10.66-1.git.198.2fcf818.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-pod-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-pod-3.10.66-1.git.0.91d1e89.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-sdn-ovs-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-sdn-ovs-3.10.66-1.git.0.91d1e89.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-template-service-broker-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-template-service-broker-3.10.66-1.git.0.91d1e89.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-tests-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-tests-3.10.66-1.git.0.91d1e89.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-web-console-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", 
reference:\"atomic-openshift-web-console-3.10.66-1.git.389.adbeb58.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"haproxy-debuginfo-1.8.14-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"haproxy18-1.8.14-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"image-inspector-2.4.0-3.el7\")) flag++;\n if (rpm_exists(rpm:\"openshift-ansible-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"openshift-ansible-3.10.66-1.git.0.3c3a83a.el7\")) flag++;\n if (rpm_exists(rpm:\"openshift-ansible-docs-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"openshift-ansible-docs-3.10.66-1.git.0.3c3a83a.el7\")) flag++;\n if (rpm_exists(rpm:\"openshift-ansible-playbooks-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"openshift-ansible-playbooks-3.10.66-1.git.0.3c3a83a.el7\")) flag++;\n if (rpm_exists(rpm:\"openshift-ansible-roles-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"openshift-ansible-roles-3.10.66-1.git.0.3c3a83a.el7\")) flag++;\n if (rpm_exists(rpm:\"openshift-enterprise-cluster-capacity-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-enterprise-cluster-capacity-3.10.66-1.git.380.aef3728.el7\")) flag++;\n if (rpm_exists(rpm:\"openshift-monitor-project-lifecycle-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-monitor-project-lifecycle-3.10.66-1.git.59.57c03d5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"perl-IO-String-1.08-20.el7\")) flag++;\n if (rpm_exists(rpm:\"prometheus-node-exporter-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"prometheus-node-exporter-3.10.66-1.git.1060.f6046fd.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-py-1.4.32-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", 
reference:\"python-setuptools-17.1.1-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rubygem-ffi-1.9.25-4.el7_5\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rubygem-ffi-debuginfo-1.9.25-4.el7_5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"atomic-enterprise-service-catalog / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:34:24", "description": "This update for haproxy to version 1.8.14 fixes the following issues :\n\nThese security issues were fixed :\n\n - CVE-2018-14645: A flaw was discovered in the HPACK\n decoder what caused an out-of-bounds read in\n hpack_valid_idx() that resulted in a remote crash and\n denial of service (bsc#1108683)\n\n - CVE-2018-11469: Incorrect caching of responses to\n requests including an Authorization header allowed\n attackers to achieve information disclosure via an\n unauthenticated remote request (bsc#1094846).\n\nThese non-security issues were fixed :\n\n - Require apparmor-abstractions to reduce dependencies\n (bsc#1100787)\n\n - hpack: fix improper sign check on the header index value\n\n - cli: make sure the 'getsock' command is only called on\n connections\n\n - tools: fix set_net_port() / set_host_port() on IPv4\n\n - patterns: fix possible double free when reloading a\n pattern list\n\n - server: Crash when setting FQDN via CLI.\n\n - kqueue: Don't reset the changes number by accident.\n\n - snapshot: take the proxy's lock while dumping errors\n\n- http/threads: atomically increment the error snapshot ID\n\n - dns: check and link servers' resolvers right after\n config parsing\n\n - h2: fix risk of memory leak on malformated 
wrapped\n frames\n\n - session: fix reporting of handshake processing time in\n the logs\n\n - stream: use atomic increments for the request counter\n\n - thread: implement HA_ATOMIC_XADD()\n\n - ECC cert should work with TLS < v1.2 and openssl >=\n 1.1.1\n\n - dns/server: fix incomatibility between SRV resolution\n and server state file\n\n - hlua: Don't call RESET_SAFE_LJMP if SET_SAFE_LJMP\n returns 0.\n\n - thread: lua: Wrong SSL context initialization.\n\n - hlua: Make sure we drain the output buffer when done.\n\n - lua: reset lua transaction between http requests\n\n - mux_pt: dereference the connection with care in\n mux_pt_wake()\n\n - lua: Bad HTTP client request duration.\n\n - unix: provide a ->drain() function\n\n - Fix spelling error in configuration doc\n\n - cli/threads: protect some server commands against\n concurrent operations\n\n - cli/threads: protect all 'proxy' commands against\n concurrent updates\n\n - lua: socket timeouts are not applied\n\n - ssl: Use consistent naming for TLS protocols\n\n - dns: explain set server ... 
fqdn requires resolver\n\n - map: fix map_regm with backref\n\n - ssl: loading dh param from certifile causes\n unpredictable error.\n\n - ssl: fix missing error loading a keytype cert from a\n bundle.\n\n - ssl: empty connections reported as errors.\n\n - cli: make 'show fd' thread-safe\n\n - hathreads: implement a more flexible rendez-vous point\n\n - threads: fix the no-thread case after the change to the\n sync point\n\n - threads: add more consistency between certain variables\n in no-thread case\n\n - threads: fix the double CAS implementation for ARMv7\n\n - threads: Introduce double-width CAS on x86_64 and arm.\n\n - lua: possible CLOSE-WAIT state with '\\n' headers\n\nFor additional changes please refer to the changelog.\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-10-24T00:00:00", "title": "openSUSE Security Update : haproxy (openSUSE-2018-1229)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11469", "CVE-2018-14645"], "modified": "2018-10-24T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:haproxy-debuginfo", "p-cpe:/a:novell:opensuse:haproxy-debugsource", "p-cpe:/a:novell:opensuse:haproxy"], "id": "OPENSUSE-2018-1229.NASL", "href": "https://www.tenable.com/plugins/nessus/118344", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1229.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118344);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-11469\", \"CVE-2018-14645\");\n\n script_name(english:\"openSUSE Security Update 
: haproxy (openSUSE-2018-1229)\");\n script_summary(english:\"Check for the openSUSE-2018-1229 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for haproxy to version 1.8.14 fixes the following issues :\n\nThese security issues were fixed :\n\n - CVE-2018-14645: A flaw was discovered in the HPACK\n decoder what caused an out-of-bounds read in\n hpack_valid_idx() that resulted in a remote crash and\n denial of service (bsc#1108683)\n\n - CVE-2018-11469: Incorrect caching of responses to\n requests including an Authorization header allowed\n attackers to achieve information disclosure via an\n unauthenticated remote request (bsc#1094846).\n\nThese non-security issues were fixed :\n\n - Require apparmor-abstractions to reduce dependencies\n (bsc#1100787)\n\n - hpack: fix improper sign check on the header index value\n\n - cli: make sure the 'getsock' command is only called on\n connections\n\n - tools: fix set_net_port() / set_host_port() on IPv4\n\n - patterns: fix possible double free when reloading a\n pattern list\n\n - server: Crash when setting FQDN via CLI.\n\n - kqueue: Don't reset the changes number by accident.\n\n - snapshot: take the proxy's lock while dumping errors\n\n- http/threads: atomically increment the error snapshot ID\n\n - dns: check and link servers' resolvers right after\n config parsing\n\n - h2: fix risk of memory leak on malformated wrapped\n frames\n\n - session: fix reporting of handshake processing time in\n the logs\n\n - stream: use atomic increments for the request counter\n\n - thread: implement HA_ATOMIC_XADD()\n\n - ECC cert should work with TLS < v1.2 and openssl >=\n 1.1.1\n\n - dns/server: fix incomatibility between SRV resolution\n and server state file\n\n - hlua: Don't call RESET_SAFE_LJMP if SET_SAFE_LJMP\n returns 0.\n\n - thread: lua: Wrong SSL context 
initialization.\n\n - hlua: Make sure we drain the output buffer when done.\n\n - lua: reset lua transaction between http requests\n\n - mux_pt: dereference the connection with care in\n mux_pt_wake()\n\n - lua: Bad HTTP client request duration.\n\n - unix: provide a ->drain() function\n\n - Fix spelling error in configuration doc\n\n - cli/threads: protect some server commands against\n concurrent operations\n\n - cli/threads: protect all 'proxy' commands against\n concurrent updates\n\n - lua: socket timeouts are not applied\n\n - ssl: Use consistent naming for TLS protocols\n\n - dns: explain set server ... fqdn requires resolver\n\n - map: fix map_regm with backref\n\n - ssl: loading dh param from certifile causes\n unpredictable error.\n\n - ssl: fix missing error loading a keytype cert from a\n bundle.\n\n - ssl: empty connections reported as errors.\n\n - cli: make 'show fd' thread-safe\n\n - hathreads: implement a more flexible rendez-vous point\n\n - threads: fix the no-thread case after the change to the\n sync point\n\n - threads: add more consistency between certain variables\n in no-thread case\n\n - threads: fix the double CAS implementation for ARMv7\n\n - threads: Introduce double-width CAS on x86_64 and arm.\n\n - lua: possible CLOSE-WAIT state with '\\n' headers\n\nFor additional changes please refer to the changelog.\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108683\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected haproxy packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:haproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:haproxy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:haproxy-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"haproxy-1.8.14~git0.52e4d43b-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"haproxy-debuginfo-1.8.14~git0.52e4d43b-lp150.2.3.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE15.0\", reference:\"haproxy-debugsource-1.8.14~git0.52e4d43b-lp150.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"haproxy / haproxy-debuginfo / haproxy-debugsource\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:54:10", "description": "This update for haproxy to version 1.8.14 fixes the following issues :\n\nThese security issues were fixed :\n\n - CVE-2018-14645: A flaw was discovered in the HPACK\n decoder what caused an out-of-bounds read in\n hpack_valid_idx() that resulted in a remote crash and\n denial of service (bsc#1108683)\n\n - CVE-2018-11469: Incorrect caching of responses to\n requests including an Authorization header allowed\n attackers to achieve information disclosure via an\n unauthenticated remote request (bsc#1094846).\n\nThese non-security issues were fixed :\n\n - Require apparmor-abstractions to reduce dependencies\n (bsc#1100787)\n\n - hpack: fix improper sign check on the header index value\n\n - cli: make sure the 'getsock' command is only called on\n connections\n\n - tools: fix set_net_port() / set_host_port() on IPv4\n\n - patterns: fix possible double free when reloading a\n pattern list\n\n - server: Crash when setting FQDN via CLI.\n\n - kqueue: Don't reset the changes number by accident.\n\n - snapshot: take the proxy's lock while dumping errors\n\n- http/threads: atomically increment the error snapshot ID\n\n - dns: check and link servers' resolvers right after\n config parsing\n\n - h2: fix risk of memory leak on malformated wrapped\n frames\n\n - session: fix reporting of handshake processing time in\n the logs\n\n - stream: use atomic increments for the request counter\n\n - thread: implement 
HA_ATOMIC_XADD()\n\n - ECC cert should work with TLS < v1.2 and openssl >=\n 1.1.1\n\n - dns/server: fix incomatibility between SRV resolution\n and server state file\n\n - hlua: Don't call RESET_SAFE_LJMP if SET_SAFE_LJMP\n returns 0.\n\n - thread: lua: Wrong SSL context initialization.\n\n - hlua: Make sure we drain the output buffer when done.\n\n - lua: reset lua transaction between http requests\n\n - mux_pt: dereference the connection with care in\n mux_pt_wake()\n\n - lua: Bad HTTP client request duration.\n\n - unix: provide a ->drain() function\n\n - Fix spelling error in configuration doc\n\n - cli/threads: protect some server commands against\n concurrent operations\n\n - cli/threads: protect all 'proxy' commands against\n concurrent updates\n\n - lua: socket timeouts are not applied\n\n - ssl: Use consistent naming for TLS protocols\n\n - dns: explain set server ... fqdn requires resolver\n\n - map: fix map_regm with backref\n\n - ssl: loading dh param from certifile causes\n unpredictable error.\n\n - ssl: fix missing error loading a keytype cert from a\n bundle.\n\n - ssl: empty connections reported as errors.\n\n - cli: make 'show fd' thread-safe\n\n - hathreads: implement a more flexible rendez-vous point\n\n - threads: fix the no-thread case after the change to the\n sync point\n\n - threads: add more consistency between certain variables\n in no-thread case\n\n - threads: fix the double CAS implementation for ARMv7\n\n - threads: Introduce double-width CAS on x86_64 and arm.\n\n - lua: possible CLOSE-WAIT state with '\\n' headers\n\nFor additional changes please refer to the changelog.\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 16, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-03-27T00:00:00", "title": "openSUSE Security Update : haproxy (openSUSE-2019-824)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11469", "CVE-2018-14645"], 
"modified": "2019-03-27T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:haproxy-debuginfo", "p-cpe:/a:novell:opensuse:haproxy-debugsource", "p-cpe:/a:novell:opensuse:haproxy"], "id": "OPENSUSE-2019-824.NASL", "href": "https://www.tenable.com/plugins/nessus/123348", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-824.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123348);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-11469\", \"CVE-2018-14645\");\n\n script_name(english:\"openSUSE Security Update : haproxy (openSUSE-2019-824)\");\n script_summary(english:\"Check for the openSUSE-2019-824 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for haproxy to version 1.8.14 fixes the following issues :\n\nThese security issues were fixed :\n\n - CVE-2018-14645: A flaw was discovered in the HPACK\n decoder what caused an out-of-bounds read in\n hpack_valid_idx() that resulted in a remote crash and\n denial of service (bsc#1108683)\n\n - CVE-2018-11469: Incorrect caching of responses to\n requests including an Authorization header allowed\n attackers to achieve information disclosure via an\n unauthenticated remote request (bsc#1094846).\n\nThese non-security issues were fixed :\n\n - Require apparmor-abstractions to reduce dependencies\n (bsc#1100787)\n\n - hpack: fix improper sign check on the header index value\n\n - cli: make sure the 'getsock' command is only called on\n connections\n\n - tools: fix set_net_port() / 
set_host_port() on IPv4\n\n - patterns: fix possible double free when reloading a\n pattern list\n\n - server: Crash when setting FQDN via CLI.\n\n - kqueue: Don't reset the changes number by accident.\n\n - snapshot: take the proxy's lock while dumping errors\n\n- http/threads: atomically increment the error snapshot ID\n\n - dns: check and link servers' resolvers right after\n config parsing\n\n - h2: fix risk of memory leak on malformated wrapped\n frames\n\n - session: fix reporting of handshake processing time in\n the logs\n\n - stream: use atomic increments for the request counter\n\n - thread: implement HA_ATOMIC_XADD()\n\n - ECC cert should work with TLS < v1.2 and openssl >=\n 1.1.1\n\n - dns/server: fix incomatibility between SRV resolution\n and server state file\n\n - hlua: Don't call RESET_SAFE_LJMP if SET_SAFE_LJMP\n returns 0.\n\n - thread: lua: Wrong SSL context initialization.\n\n - hlua: Make sure we drain the output buffer when done.\n\n - lua: reset lua transaction between http requests\n\n - mux_pt: dereference the connection with care in\n mux_pt_wake()\n\n - lua: Bad HTTP client request duration.\n\n - unix: provide a ->drain() function\n\n - Fix spelling error in configuration doc\n\n - cli/threads: protect some server commands against\n concurrent operations\n\n - cli/threads: protect all 'proxy' commands against\n concurrent updates\n\n - lua: socket timeouts are not applied\n\n - ssl: Use consistent naming for TLS protocols\n\n - dns: explain set server ... 
fqdn requires resolver\n\n - map: fix map_regm with backref\n\n - ssl: loading dh param from certifile causes\n unpredictable error.\n\n - ssl: fix missing error loading a keytype cert from a\n bundle.\n\n - ssl: empty connections reported as errors.\n\n - cli: make 'show fd' thread-safe\n\n - hathreads: implement a more flexible rendez-vous point\n\n - threads: fix the no-thread case after the change to the\n sync point\n\n - threads: add more consistency between certain variables\n in no-thread case\n\n - threads: fix the double CAS implementation for ARMv7\n\n - threads: Introduce double-width CAS on x86_64 and arm.\n\n - lua: possible CLOSE-WAIT state with '\\n' headers\n\nFor additional changes please refer to the changelog.\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108683\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected haproxy packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-11469\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:haproxy\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:haproxy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:haproxy-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"haproxy-1.8.14~git0.52e4d43b-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"haproxy-debuginfo-1.8.14~git0.52e4d43b-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"haproxy-debugsource-1.8.14~git0.52e4d43b-lp150.2.3.1\") ) flag++;\n\nif 
(flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"haproxy / haproxy-debuginfo / haproxy-debugsource\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:38:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-14645"], "description": "It was discovered that HAProxy incorrectly handled certain requests. \nAn attacker could possibly use this issue to cause a denial of service.", "edition": 4, "modified": "2018-10-02T00:00:00", "published": "2018-10-02T00:00:00", "id": "USN-3780-1", "href": "https://ubuntu.com/security/notices/USN-3780-1", "title": "HAProxy vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:44", "bulletinFamily": "unix", "cvelist": ["CVE-2018-14645"], "description": "HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.\n\nSecurity Fix(es):\n\n* haproxy: Out-of-bounds read in HPACK decoder (CVE-2018-14645)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Tim D\u00fcsterhus and Willy Tarreau for reporting this issue.", "modified": "2018-10-08T13:42:32", "published": "2018-10-08T13:39:55", "id": "RHSA-2018:2882", "href": "https://access.redhat.com/errata/RHSA-2018:2882", "type": "redhat", "title": "(RHSA-2018:2882) Important: rh-haproxy18-haproxy security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-11T13:31:58", "bulletinFamily": "unix", "cvelist": ["CVE-2018-14632", "CVE-2018-14645"], "description": "Red Hat OpenShift Container Platform 
is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.10.66. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:2824\n\nSecurity Fix(es):\n\n* atomic-openshift: oc patch with json causes masterapi service crash (CVE-2018-14632)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Lars Haugan for reporting this issue.\n\nAll OpenShift Container Platform 3.10 users are advised to upgrade to these updated packages and images.\n\nBug Fix(es):\n\n* During etcd scaleup, facts about the etcd cluster are required to add new hosts. This bug fix adds the necessary tasks to ensure those facts get set before configuring new hosts, and therefore, allow the scaleup to complete as expected. (BZ#1578482)\n\n* Previously, sync pod was not available when the Prometheus install checked for available nodes. As a consequence, if a custom label was used for the Prometheus install to select an appropriate node, the sync pods must have already applied the label to the nodes. Otherwise, the Prometheus installer would not find any nodes with a matching label. This bug fix adds a check to the install process to wait for sync pods to become available before continuing. As a result, the node labeling process will complete, and the nodes will have the correct labels for the Prometheus pod to be scheduled. (BZ#1609019)\n\n* This bug fix corrects an issue where a pod is stuck terminating due to I/O errors on a FlexVolume mounted on the XFS file system. (BZ#1626054)\n\n* Previously, fluentd generated events internally with the `OneEventStream` class. This class does not have the `empty?` method. 
The Kubernetes metadata filter used the `empty?` method on the `EventStream` object to avoid processing an empty stream. Fluentd issued error messages about the missing `empty?` method, which overwhelmed container logging and caused disk issues. This bug fix changed the Kubernetes metadata filter only to call the `empty?` method on objects that have this method. As a result,\nfluentd logs do not contain this message. (BZ#1626552)\n\n* RubyGems FFI 1.9.25 reverted a patch which allowed it to work on systems with `SELinux deny_execmem=1`. This reversion caused fluentd to crash. This bug reverts the patch reversion. As a result, fluentd does not crash when using `SELinux deny_execmem=1`. (BZ#1628405)\n\n* This bug fix updates the *_redeploy-openshift-ca.yml_* playbook to reference the correct node client certificate file, `node/client-ca.crt`. (BZ#1628546)\n\n* The fix for BZ1628371 introduced a poorly built shared library with a missing symbol. This missing symbol caused fluentd to crash with an \"undefined symbol: rbffi_Closure_Alloc\" error message. This bug fix rebuilds the shared library with the correct symbols. As a result, fluentd does not crash. (BZ#1628798)\n\n* Previously, when using Docker with the journald log driver, all container logs, including system and plain Docker container logs, were logged to the journal, and read by fluentd. Fluentd did not know how to handle these non-Kubernetes container logs and threw exceptions. This bug fix treats non-Kubernetes container logs as logs from other system services, for example, sending them to the .operations.* index. As a result, logs from\nnon-Kubernetes containers are indexed correctly and do not cause any errors. 
(BZ#1632361)", "modified": "2019-03-11T08:32:04", "published": "2018-11-11T21:28:30", "id": "RHSA-2018:2709", "href": "https://access.redhat.com/errata/RHSA-2018:2709", "type": "redhat", "title": "(RHSA-2018:2709) Important: Red Hat OpenShift Container Platform 3.10 security and bug fix update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2018-10-23T16:31:01", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11469", "CVE-2018-14645"], "description": "This update for haproxy to version 1.8.14 fixes the following issues:\n\n These security issues were fixed:\n\n - CVE-2018-14645: A flaw was discovered in the HPACK decoder what caused an\n out-of-bounds read in hpack_valid_idx() that resulted in a remote crash\n and denial of service (bsc#1108683)\n - CVE-2018-11469: Incorrect caching of responses to requests including an\n Authorization header allowed attackers to achieve information disclosure\n via an unauthenticated remote request (bsc#1094846).\n\n These non-security issues were fixed:\n\n - Require apparmor-abstractions to reduce dependencies (bsc#1100787)\n - hpack: fix improper sign check on the header index value\n - cli: make sure the \"getsock\" command is only called on connections\n - tools: fix set_net_port() / set_host_port() on IPv4\n - patterns: fix possible double free when reloading a pattern list\n - server: Crash when setting FQDN via CLI.\n - kqueue: Don't reset the changes number by accident.\n - snapshot: take the proxy's lock while dumping errors\n - http/threads: atomically increment the error snapshot ID\n - dns: check and link servers' resolvers right after config parsing\n - h2: fix risk of memory leak on malformated wrapped frames\n - session: fix reporting of handshake processing time in the logs\n - stream: use atomic increments for the request counter\n - thread: implement HA_ATOMIC_XADD()\n - ECC cert should work with TLS < v1.2 and openssl >= 1.1.1\n - dns/server: fix incomatibility between 
SRV resolution and server state\n file\n - hlua: Don't call RESET_SAFE_LJMP if SET_SAFE_LJMP returns 0.\n - thread: lua: Wrong SSL context initialization.\n - hlua: Make sure we drain the output buffer when done.\n - lua: reset lua transaction between http requests\n - mux_pt: dereference the connection with care in mux_pt_wake()\n - lua: Bad HTTP client request duration.\n - unix: provide a ->drain() function\n - Fix spelling error in configuration doc\n - cli/threads: protect some server commands against concurrent operations\n - cli/threads: protect all \"proxy\" commands against concurrent updates\n - lua: socket timeouts are not applied\n - ssl: Use consistent naming for TLS protocols\n - dns: explain set server ... fqdn requires resolver\n - map: fix map_regm with backref\n - ssl: loading dh param from certifile causes unpredictable error.\n - ssl: fix missing error loading a keytype cert from a bundle.\n - ssl: empty connections reported as errors.\n - cli: make \"show fd\" thread-safe\n - hathreads: implement a more flexible rendez-vous point\n - threads: fix the no-thread case after the change to the sync point\n - threads: add more consistency between certain variables in no-thread case\n - threads: fix the double CAS implementation for ARMv7\n - threads: Introduce double-width CAS on x86_64 and arm.\n - lua: possible CLOSE-WAIT state with '\\n' headers\n\n For additional changes please refer to the changelog.\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2018-10-23T15:26:52", "published": "2018-10-23T15:26:52", "id": "OPENSUSE-SU-2018:3324-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00050.html", "title": "Security update for haproxy (important)", "type": "suse", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}