SUSE SLES15 Security Update : haproxy (SUSE-SU-2026:1568-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:1568-1 advisory. This update for haproxy fixes the following issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. Tenable has...

PT-2026-34834

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxy section save interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue...

PT-2026-34835

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxy section save function in app/routes/config/routes.py. The server ip parameter, sourced from the URL path, is passed unsanitized throug...

Security update for haproxy (moderate)

openSUSE security update: security update for haproxy ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20618-1 Rating: moderate References: bsc1261626 bsc1262103 Cross-References: CVE-2026-33555 CVSS scores: CVE-2026-33555 SUSE : 4...

SUSE-SU-2026:1568-1 Security update for haproxy

This update for haproxy fixes the following issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103...

Security update for haproxy

This update for haproxy fixes the following issue: CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...

SUSE-SU-2026:21353-1 Security update for haproxy

This update for haproxy fixes the following issues: Security issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. - bug in SLZ compression bsc1261626...

SUSE-SU-2026:21280-1 Security update for haproxy

This update for haproxy fixes the following issues: Security issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. - bug in SLZ compression bsc1261626...

SUSE-SU-2026:21390-1 Security update for haproxy

This update for haproxy fixes the following issues: Security issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. - bug in SLZ compression bsc1261626...

SUSE-SU-2026:21289-1 Security update for haproxy

This update for haproxy fixes the following issue: - CVE-2026-33555: improper validation when matching a received body length to a previously announced Content-Length can lead to request smuggling due to HTTP/3 parser desynchronization bsc1262103...

SUSE-SU-2026:21318-1 Security update for haproxy

This update for haproxy fixes the following issue: - CVE-2026-33555: improper validation when matching a received body length to a previously announced Content-Length can lead to request smuggling due to HTTP/3 parser desynchronization bsc1262103...

CVE-2026-5501

wolfSSLX509verifycert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf...

haproxy-3.3.6+git91.af5637e93-1.1 on GA media (moderate)

haproxy-3.3.6+git91.af5637e93-1.1 on GA media Announcement ID: openSUSE-SU-2026:10581-1 Rating: moderate Cross-References: CVE-2026-33555 CVSS scores: CVE-2026-33555 SUSE : 4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N CVE-2026-33555 SUSE : 6.3...

PT-2026-33846

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search filter by directly concatenating the user-supplied login username into the filter string without...

Roxy-WI 安全漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Roxy-WI versions 8.2.8.2 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of escaping special characters in usernames during LDAP authentication, which could...

OPENSUSE-SU-2026:10581-1 haproxy-3.3.6+git91.af5637e93-1.1 on GA media

These are all security issues fixed in the haproxy-3.3.6+git91.af5637e93-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-33845

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POST /config//show API endpoint accepts a configver parameter that is directly appended to a base directory path to construct a local file path, which is subsequently opened and it...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: haproxy: haproxy-3.0.19-1.1.hum1 aarch64, x8664 haproxy-3.0.19-1.1.hum1.src src...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: haproxy: haproxy-3.0.19-1.hum1 aarch64, x8664 haproxy-3.0.19-1.hum1.src src...

haproxy: Fix of CVE-2019-18277

CVE-2019-18277: reject messages where "chunked" is missing from transfer-encoding...