Описание
Security update for haproxy
This update for haproxy fixes the following issues:
- CVE-2020-11100: Fixed an H2/HPAC vulnerability ch might have allowed arbitrary writes into a 32-bit relative address space (bsc#1168023).
Список пакетов
SUSE Linux Enterprise High Availability Extension 15
haproxy-2.0.10+git0.ac198b92-3.19.1
Ссылки
- Link for SUSE-SU-2020:0852-1
- E-Mail link for SUSE-SU-2020:0852-1
- SUSE Security Ratings
- SUSE Bug 1168023
- SUSE CVE CVE-2020-11100 page
Описание
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:haproxy-2.0.10+git0.ac198b92-3.19.1
Ссылки
- CVE-2020-11100
- SUSE Bug 1168023