Описание
HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | haproxy | Not affected | ||
| Red Hat Enterprise Linux 7 | haproxy | Not affected | ||
| Red Hat Enterprise Linux 8 | haproxy | Not affected | ||
| Red Hat OpenShift Container Platform 3.10 | haproxy | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | haproxy | Not affected | ||
| Red Hat OpenShift Container Platform 3.7 | haproxy | Not affected | ||
| Red Hat OpenShift Container Platform 3.9 | haproxy | Not affected | ||
| Red Hat OpenShift Container Platform 4 | haproxy | Not affected | ||
| Red Hat OpenShift Enterprise 3 | haproxy | Not affected | ||
| Red Hat Software Collections | rh-haproxy18-haproxy | Not affected |
Показывать по
Дополнительная информация
Статус:
5.9 Medium
CVSS3
Связанные уязвимости
HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error.
HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error.
HAProxy before 1.9.7 mishandles a reload with rotated keys, which trig ...
HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error.
5.9 Medium
CVSS3