Thursday, June 20, 2013

[USN-1889-1] HAProxy vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJRw3BkAAoJEGVp2FWnRL6TNeUP/isM70MGu+qVLtlwgLNTUskn
47KLnkOD86dCY9lBb+th/Djv9T/P5EA29sHhpNfWDDnTP6osaXe1uqOckqJ4BiuK
MMMav2mgF7BuTSodrehPkeuwudof/yqVSqN6RSs7JaK1g6tMQoqs/2g/GGvegQzh
X61Qn9sPpkZmD6MENwxxtoacaW1mdiBhzIWvUoqEgAk5xxM9rGHA/PuTKvuDEC9I
R08/tLQF5EnBrOnqVgheTzPIGczghyxyCIoic/lYjbBVLqda+vS4k2IVRWddzRkd
zKo0MiJwtExpltJURnkLbRa3QP/4/5V51rzDihvIARbiNpX/jid/XUZe4XeuYmOh
+Yf+KMPfjgF6vTtz64adR03pi1c4RffRRq0uw8NU7B4AR5W2e9eu+YJEprNq1kaB
hCQgmSj345Ifj1T5xKvKaP+O6YOm2qho4fyWKmVMPz3sV7dmuEygPKekf0mqhNwS
VlVBq2r0qSi8xlrPyXhz0JO7FhillwSiPa0rvt/xLSCTL4ePp0Rnp/Whsr9AiuK5
LJ3TPzSVay8tcDfFRDBfL7YXo3YICrUXayaQaLViWzSIJaocetaaCKnJKfiOucf3
RQK02t6qTrx2MAK5eph0MzyqvtSwhvgS5LybJD8AlOSQUAqIM+4Mg2XbEZtuBI0u
ls1GpoE0SV1eOOvEg44S
=tywQ
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1889-1
June 20, 2013

haproxy vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

HAProxy could be made to crash if it received specially crafted network
traffic.

Software Description:
- haproxy: fast and reliable load balancing reverse proxy

Details:

David Torgerson discovered that HAProxy incorrectly parsed certain HTTP
headers. A remote attacker could use this issue to cause HAProxy to stop
responding, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
haproxy 1.4.18-0ubuntu3.1

Ubuntu 12.10:
haproxy 1.4.18-0ubuntu2.2

Ubuntu 12.04 LTS:
haproxy 1.4.18-0ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1889-1
CVE-2013-2175

Package Information:
https://launchpad.net/ubuntu/+source/haproxy/1.4.18-0ubuntu3.1
https://launchpad.net/ubuntu/+source/haproxy/1.4.18-0ubuntu2.2
https://launchpad.net/ubuntu/+source/haproxy/1.4.18-0ubuntu1.2

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)