Oval Definition:oval:org.opensuse.security:def:66233
Revision Date:2020-12-01Version:1
Title:Security update for haproxy (Important)
Description:

This update for haproxy to version 2.0.10 fixes the following issues:

HAProxy was updated to 2.0.10

Security issues fixed:

- CVE-2019-18277: Fixed a potential HTTP smuggling in messages with transfer-encoding header missing the 'chunked' (bsc#1154980). - Fixed an improper handling of headers which could have led to injecting LFs in H2-to-H1 transfers creating new attack space (bsc#1157712) - Fixed an issue where HEADER frames in idle streams are not rejected and thus trying to decode them HAPrpxy crashes (bsc#1157714).

Other issue addressed:

- Macro change in the spec file (bsc#1082318)

More information regarding the release at: http://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=ac198b92d461515551b95daae20954b3053ce87e
Family:unixClass:patch
Status:Reference(s):1055014
1061843
1065600
1065729
1066382
1077428
1082318
1112178
1131277
1134760
1154980
1157712
1157714
1170415
1171558
1173432
1174748
1176354
1176485
1176560
1176713
1176723
1177086
1177101
1177271
1177281
1177410
1177411
1177470
1177687
1177719
1177740
1177749
1177750
1177753
1177754
1177755
1177766
1177855
1177856
1177861
1178003
1178027
1178166
1178185
1178187
1178188
1178202
1178234
1178330
CVE-2019-18277
CVE-2020-0430
CVE-2020-14351
CVE-2020-16120
CVE-2020-25285
CVE-2020-25656
CVE-2020-27673
CVE-2020-27675
CVE-2020-8694
SUSE-SU-2019:3126-1
SUSE-SU-2020:3272-1
Platform(s):SUSE Linux Enterprise High Availability 15 SP1
SUSE Linux Enterprise Workstation Extension 15 SP1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise High Availability 15 SP1 is installed
  • AND haproxy-2.0.10+git0.ac198b92-8.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
  • AND Package Information
  • kernel-default-4.12.14-197.67 is installed
  • OR kernel-default-extra-4.12.14-197.67 is installed
    • BACK