Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4968-1] haproxy security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4968-1] haproxy security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4968-1] haproxy security update
  • Date: Tue, 07 Sep 2021 20:58:39 +0000
  • Authentication-results: mail02.piratenpartei.de; dkim=none; spf=none (mail02.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
  • List-archive: https://lists.debian.org/msgid-search/E1mNiAx-0005mV-UJ AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version :Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=ce09ntcpmy+7GsoGRj0cvsVjAmBb6B+DJ60NkcB/qEI=; b=Ja cMDEKIklZi7SQ+KpVAbQ3eHdPTRWiNWDroAQuGQfduWUn6yT3jsOI0qxxOCsHls6NI0X455Fofha4 /wNfmjqqezKDvbT72uKaVFawOn+MV9hb4PgZ890SA3CUFCyQ/2SsfqlrnO8BQmxRnlVOeeKTn6x/k TQOHppVy5mAN5pwRMucJEHa60bnGb542GCai78HmHWNx2cXDilcAGKumXznFNk5z6OGOeRZ7gPmsc K2r3Af6DjE2fus5zvd0wvOIyQmT8JB4mCdNAE+WUYUYm45CzmVEDycXgCYixkh3adZ29rMS1Dtlrv yISiI9XgXSggOoz5RGwpkHx5BuFOpLBg==;
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Tue, 7 Sep 2021 20:58:57 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <uYI-IO54bBF.A.WEG.QK9NhB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4968-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 07, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : haproxy
CVE ID : CVE-2021-40346

Ori Hollander reported that missing header name length checks in the
htx_add_header() and htx_add_trailer() functions in HAProxy, a fast and
reliable load balancing reverse proxy, could result in request smuggling
attacks or response splitting attacks.

Additionally this update addresses #993303 introduced in DSA 4960-1
causing HAProxy to fail serving URLs with HTTP/2 containing '//'.

For the stable distribution (bullseye), this problem has been fixed in
version 2.2.9-2+deb11u2.

We recommend that you upgrade your haproxy packages.

For the detailed security status of haproxy please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/haproxy

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmE30edfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QPzQ//Xl1VpOHuAwqodHnEx3DSP172eZ6lD3Mdrs+GXscbkCXTMHduSXGnSGA3
N1IrN8Wt1bfvxybqdR3CLTehTzmgBJLGEz8Ub5gu0IJ2o1edyiqpZBDhZvDSCPFC
iFHWucZ2asOb9c/rCapTi7AD+S7NpC5AnIGfNhUHYWnFwR7Id8gHvd9JaHUGrInh
P4T5lzY70fvNFPrSye7CQFPcSScHOe29i7igKXZmV+FxvnYEYJyavf6ijwGTJF87
e1lJAm8er9bQZp3GLzkbI3bRUDmO+IgGX+H3Qz/PxbU23PhyDN91QVWCY/CX11nN
yH4evBchPM1ap2o8hPZYpUYUznYekOA1CfYxTcuP5oc9QFMEzHMNUVhSihsjGA4Y
fCxFmdhcQzTLI7GcZTkSB2k0CikF4ncH7aqtM7oK2z/CM/uJeVO1WzRtvyJKuD72
Lv6PwQ/AbMa/dKYzROyQE0vDzRd23UzlQzg1npbpHlfPYXOgyfIRLCIfBPatyGrR
snpdsNnGejesNmsbxCBwQGz2jsrgSqMe1qkho9ebK3aeaSA1lRe+WXV87NYH2wZi
JOQH9JjqXCwkH/JDoOBWasOAhyKPs4jv1JT2L2iXCNVbFcgklnc+iaUgafYV9tob
QMoc5oZREvgkpu+TOOTOBmrOw4sDfEOgcNf3G1sBBFKS4ds5wv0=
=8IRe
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4968-1] haproxy security update, Salvatore Bonaccorso, 07.09.2021

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang