Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Pat Riehecky <riehecky-13hema8v3vg <at> public.gmane.org>
Subject: Security ERRATA Moderate: haproxy on SL6.x i386/x86_64
Newsgroups: gmane.linux.scientific.errata
Date: Tuesday 28th May 2013 19:42:40 UTC (over 3 years ago)
Synopsis:          Moderate: haproxy security update
Advisory ID:       SLSA-2013:0868-1
Issue Date:        2013-05-28
CVE Numbers:       CVE-2013-1912
--

A buffer overflow flaw was found in the way HAProxy handled pipelined HTTP
requests. A remote attacker could send pipelined HTTP requests that would
cause HAProxy to crash or, potentially, execute arbitrary code with the
privileges of the user running HAProxy. This issue only affected systems
using all of the following combined configuration options: HTTP keep alive
enabled, HTTP keywords in TCP inspection rules, and request appending
rules. (CVE-2013-1912)
--

SL6
  x86_64
    haproxy-1.4.22-4.el6_4.x86_64.rpm
    haproxy-debuginfo-1.4.22-4.el6_4.x86_64.rpm
  i386
    haproxy-1.4.22-4.el6_4.i686.rpm
    haproxy-debuginfo-1.4.22-4.el6_4.i686.rpm

The following packages were added for dependency resolution
SL6
  x86_64
     setup-2.8.14-20.el6.noarch.rpm
  i386
     setup-2.8.14-20.el6.noarch.rpm

- Scientific Linux Development Team
 
CD: 3ms