ELSA-2023-1696

Published: 11 Apr 2023
Source: oracle-oval
Platform: Oracle Linux 9

Description

ELSA-2023-1696: haproxy security update (MODERATE)

[2.4.17-3.2]

  • Reject empty http header field names (CVE-2023-25725, #2174174)

[2.4.17-3.1]

  • Refuse interim responses with end-stream flag set (CVE-2023-0056, #2174172)

Updated packages

Oracle Linux 9

Oracle Linux aarch64

haproxy

2.4.17-3.el9_1.2

Oracle Linux x86_64

haproxy

2.4.17-3.el9_1.2

Related CVEs

Related vulnerabilities

suse-cvrf
more than 2 years ago

Security update for haproxy

suse-cvrf
more than 2 years ago

Security update for haproxy

suse-cvrf
about 2 years ago

Feature update for haproxy

suse-cvrf
about 2 years ago

Feature update for haproxy

CVSS3: 6.5
ubuntu
about 2 years ago

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.