[USN-7133-1] HAProxy vulnerability

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEkd98mdFcnQdP7vQkuGrtzot7pOcFAmdOZckFAwAAAAAACgkQuGrtzot7pOdQ
7gwAp2O25x+fddPTnR1gVox9Kcklz5HkNS5dYxT0Sm+ggVLyruPAXQN3ka5pmwxKf0yxOPYJ/lbW
6QgvwR7pNJQnDgNsgQbQeDDZ+Lxp1YK75s1SLhl1NZf8GuqO2/SY8Nkv8yQ+YNiLHdYMqkBpCbTR
/sPycP/Xxfcg39IDAP18B/4AxtO8JMaN6kPOwrI9CGU0f2VBkDnTWrdRyqrBCATiYbMeWYmJ0kzK
T60UBHK24ckIukaqRnYsxziPMJukWamhCpx6zHcFYM6QqY9J/y/pJtA6zRXkqupDEXbecq1h1x4z
8YUhdGTwkY77eSRCUfVlirRv5vq30k4axwikUC5yACAGV+lymKGMvZmSrP3UOak0vzeofYC6uacl
2vHedMvK0k90uQAZj7rXzA+KDuf4EdeH0kdFrk8ypJ9rPYuarBCnamRuPxW3X3+PRMB7pLYMt28F
2phpZ93uxlflO0EOSP6dqmH3SngPCfgZHYLqJkRJsC0UbdcQlkupFNhW91kA
=e7Ir
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7133-1
December 03, 2024

haproxy vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

HAProxy could be made to expose sensitive information over the
network.

Software Description:
- haproxy: fast and reliable load balancing reverse proxy

Details:

Yuki Mogi discovered that HAProxy incorrectly handled the interpretation
of certain HTTP requests. A remote attacker could possibly use this issue
to perform a request smuggling attack and obtain sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  haproxy                         2.8.5-1ubuntu3.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7133-1
  CVE-2024-53008

Package Information:
  https://launchpad.net/ubuntu/+source/haproxy/2.8.5-1ubuntu3.2