Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2015:1663-1

Опубликовано: 08 июл. 2015
Источник: suse-cvrf

Описание

Security update for haproxy

haproxy was updated to fix two security issues.

These security issues were fixed:

  • CVE-2015-3281: Information disclosure (bsc#937042).
  • CVE-2015-4000: The Logjam Attack / weakdh.org (bsc#937202).

Список пакетов

SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
haproxy-1.5.4-2.4.1
SUSE Linux Enterprise High Availability Extension 12
haproxy-1.5.4-2.4.1

Описание

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.


Затронутые продукты
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:haproxy-1.5.4-2.4.1
SUSE Linux Enterprise High Availability Extension 12:haproxy-1.5.4-2.4.1

Ссылки

Описание

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.


Затронутые продукты
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:haproxy-1.5.4-2.4.1
SUSE Linux Enterprise High Availability Extension 12:haproxy-1.5.4-2.4.1

Ссылки
Уязвимость SUSE-SU-2015:1663-1