(RHSA-2013:1120) Moderate: haproxy security update

2013-07-30T04:00:00
ID RHSA-2013:1120
Type redhat
Reporter RedHat
Modified 2018-06-09T14:14:54

Description

HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications.

A flaw was found in the way HAProxy handled requests when the proxy's configuration ("/etc/haproxy/haproxy.cfg") had certain rules that use the hdr_ip criterion. A remote attacker could use this flaw to crash HAProxy instances that use the affected configuration. (CVE-2013-2175)

Red Hat would like to thank HAProxy upstream for reporting this issue. Upstream acknowledges David Torgerson as the original reporter.

HAProxy is released as a Technology Preview in Red Hat Enterprise Linux 6. More information about Red Hat Technology Previews is available at https://access.redhat.com/support/offerings/techpreview/

All users of haproxy are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
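
To see which rules in a configuration use the hdr_ip criterion, the file can be scanned as in the following added example, which is not part of the Red Hat advisory or of HAProxy itself. The function names and the sample configuration are constructed for illustration. The scan lists every hdr_ip use for review without deciding which rules are affected, and it treats any "#" as the start of a comment.

```shell
#!/bin/sh
# Added example: list haproxy.cfg lines that use the hdr_ip criterion.
# Output format: "<section>:<line number>:<rule text>".
# Exit status: 0 = at least one use found, 1 = none, 2 = file unreadable.
find_hdr_ip_rules() {
    cfg="${1:-/etc/haproxy/haproxy.cfg}"
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    awk '
        {
            line = $0
            sub(/#.*/, "", line)        # drop comments (simplified: any "#")
            sub(/^[ \t]+/, "", line)    # trim leading whitespace
            sub(/[ \t]+$/, "", line)    # trim trailing whitespace
            if (line == "") next
            n = split(line, w, /[ \t]+/)
            # Track the enclosing section so each hit can be located quickly.
            if (w[1] ~ /^(global|defaults|frontend|backend|listen)$/) {
                section = (n > 1) ? w[1] " " w[2] : w[1]
                next
            }
            if (line ~ /hdr_ip/) {
                printf "%s:%d:%s\n", section, NR, line
                found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$cfg"
}

# Constructed sample configuration (not taken from the advisory).
sample_cfg() {
    cat <<'EOF'
global
    daemon
defaults
    mode http
frontend web
    bind *:80
    # acl old hdr_ip(X-Forwarded-For) 10.0.0.0/8
    acl internal hdr_ip(X-Forwarded-For) 10.0.0.0/8
    default_backend app
backend app
    balance hdr(Host)
    server s1 192.0.2.10:8080
EOF
}
```

Called with no argument, `find_hdr_ip_rules` reads /etc/haproxy/haproxy.cfg; a non-empty result marks an instance to prioritize for the updated package.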