Security update for haproxy (moderate)

openSUSE Security Update: Security update for haproxy Announcement ID: openSUSE-SU-2019:2556-1 Rating: moderate References: 1142529 Cross-References: CVE-2019-14241 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for haproxy ...

SUSE-SU-2019:3002-1 Security update for haproxy

This update for haproxy to version 2.0.5+git0.d905f49a fixes the following issues: Security issue fixed: - CVE-2019-14241: Fixed a cookie memory corruption problem. bsc1142529 The update to 2.0.5 brings lots of features and bugfixes: - new internal native HTTP representation called HTX, was alrea...

SUSE-SU-2019:3001-1 Security update for haproxy

This update for haproxy to version 2.0.5+git0.d905f49a fixes the following issues: Security issue fixed: - CVE-2019-14241: Fixed a cookie memory corruption problem. bsc1142529 The update to 2.0.5 brings lots of features and bugfixes: - new internal native HTTP representation called HTX, was alrea...

Critical Photon OS Security Update - PHSA-2019-0255

Updates of 'file', 'git', 'python3', 'libndp', 'curl', 'haproxy', 'libpcap', 'linux', 'tcpdump', 'binutils', 'e2fsprogs', 'linux-esx', 'python2', 'polkit' packages of Photon OS have been released...

Ubuntu 16.04 LTS / 18.04 LTS : HAproxy vulnerability (USN-4174-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4174-1 advisory. It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue to a privilege escalation Request...

USN-4174-1: HAproxy vulnerability

It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue to a privilege escalation Request Smuggling...

Important Photon OS Security Update - PHSA-2019-3.0-0038

Updates of 'haproxy' packages of Photon OS have been released...

Important Photon OS Security Update - PHSA-2019-0038

Updates of 'haproxy' packages of Photon OS have been released...

CVE-2019-18277

A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request...

CVE-2019-18277

A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request...

CVE-2019-18277

A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request...

DEBIAN-CVE-2019-18277

A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request...

CVE-2019-18277

A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request...

Code injection

A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request...

UBUNTU-CVE-2019-18277

A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request...

CVE-2019-18277

A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request...

CVE-2019-18277

A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request...

CVE-2019-18277

CVE-2019-18277 affects HAProxy in legacy mode: requests with a transfer-encoding header missing the chunked value are not properly rejected, which combined with http-reuse always can aid HTTP request smuggling against a vulnerable component with a lenient parser that ignores content-length after ...

CVE-2019-16869

A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling. Mitigation Use HTTP/2 instead clear boundaries between requests Disable reuse of backend connections eg. http-reuse never in HAProxy or whateve...

Photon OS 3.0: Haproxy PHSA-2019-3.0-0026

An update of the haproxy package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-3.0-0026. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...