| Revision Date: | 2019-11-29 | Version: | 1 |
| Title: | Security update for haproxy (Important) |
| Description: |
This update for haproxy to version 2.0.10 fixes the following issues:
HAProxy was updated to 2.0.10
Security issues fixed:
- CVE-2019-18277: Fixed a potential HTTP smuggling in messages with transfer-encoding header missing the 'chunked' (bsc#1154980). - Fixed an improper handling of headers which could have led to injecting LFs in H2-to-H1 transfers creating new attack space (bsc#1157712) - Fixed an issue where HEADER frames in idle streams are not rejected and thus trying to decode them HAPrpxy crashes (bsc#1157714).
Other issue addressed:
- Macro change in the spec file (bsc#1082318)
More information regarding the release at: http://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=ac198b92d461515551b95daae20954b3053ce87e
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1082318
1154980
1157712
1157714
CVE-2019-18277
SUSE-SU-2019:3126-1
|
| Platform(s): | SUSE Linux Enterprise High Availability 15 SP1
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Server 4.0
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise High Availability 15 SP1 is installed AND haproxy-2.0.10+git0.ac198b92-8.8.1 is installed
|