haproxy-2.4.4+git0.acb1d0bea-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10839-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z haproxy-2.4.4+git0.acb1d0bea-1.2 on GA media These are all security issues fixed in the haproxy-2.4.4+git0.acb1d0bea-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10839 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-11469/ SUSE CVE CVE-2018-11469 page https://www.suse.com/security/cve/CVE-2018-14645/ SUSE CVE CVE-2018-14645 page https://www.suse.com/security/cve/CVE-2018-20103/ SUSE CVE CVE-2018-20103 page https://www.suse.com/security/cve/CVE-2018-20615/ SUSE CVE CVE-2018-20615 page https://www.suse.com/security/cve/CVE-2019-14241/ SUSE CVE CVE-2019-14241 page https://www.suse.com/security/cve/CVE-2019-18277/ SUSE CVE CVE-2019-18277 page https://www.suse.com/security/cve/CVE-2020-11100/ SUSE CVE CVE-2020-11100 page https://www.suse.com/security/cve/CVE-2021-39240/ SUSE CVE CVE-2021-39240 page https://www.suse.com/security/cve/CVE-2021-40346/ SUSE CVE CVE-2021-40346 page openSUSE Tumbleweed haproxy-2.4.4+git0.acb1d0bea-1.2 haproxy-2.4.4+git0.acb1d0bea-1.2 as a component of openSUSE Tumbleweed Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function. CVE-2018-11469 openSUSE Tumbleweed:haproxy-2.4.4+git0.acb1d0bea-1.2 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-11469.html CVE-2018-11469 https://bugzilla.suse.com/1094846 SUSE Bug 1094846 A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service. CVE-2018-14645 openSUSE Tumbleweed:haproxy-2.4.4+git0.acb1d0bea-1.2 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-14645.html CVE-2018-14645 https://bugzilla.suse.com/1108683 SUSE Bug 1108683 An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion. CVE-2018-20103 openSUSE Tumbleweed:haproxy-2.4.4+git0.acb1d0bea-1.2 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-20103.html CVE-2018-20103 https://bugzilla.suse.com/1119419 SUSE Bug 1119419 An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame. CVE-2018-20615 openSUSE Tumbleweed:haproxy-2.4.4+git0.acb1d0bea-1.2 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-20615.html CVE-2018-20615 https://bugzilla.suse.com/1121283 SUSE Bug 1121283 HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c. CVE-2019-14241 openSUSE Tumbleweed:haproxy-2.4.4+git0.acb1d0bea-1.2 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-14241.html CVE-2019-14241 https://bugzilla.suse.com/1142529 SUSE Bug 1142529 A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request smuggling attack against a vulnerable component employing a lenient parser that would ignore the content-length header as soon as it saw a transfer-encoding one (even if not entirely valid according to the specification). CVE-2019-18277 openSUSE Tumbleweed:haproxy-2.4.4+git0.acb1d0bea-1.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-18277.html CVE-2019-18277 https://bugzilla.suse.com/1154980 SUSE Bug 1154980 In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. CVE-2020-11100 openSUSE Tumbleweed:haproxy-2.4.4+git0.acb1d0bea-1.2 important 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-11100.html CVE-2020-11100 https://bugzilla.suse.com/1168023 SUSE Bug 1168023 An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field (as observed on a target HTTP/2 server) might differ from what the routing rules were intended to achieve. CVE-2021-39240 openSUSE Tumbleweed:haproxy-2.4.4+git0.acb1d0bea-1.2 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-39240.html CVE-2021-39240 https://bugzilla.suse.com/1189549 SUSE Bug 1189549 An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. CVE-2021-40346 openSUSE Tumbleweed:haproxy-2.4.4+git0.acb1d0bea-1.2 important 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-40346.html CVE-2021-40346 https://bugzilla.suse.com/1189877 SUSE Bug 1189877