Описание
Security update for haproxy
This update for haproxy fixes the following issues:
- CVE-2021-40346: Fixed request smuggling vulnerability in HTX (bsc#1189877).
Список пакетов
SUSE Linux Enterprise High Availability Extension 15
haproxy-2.0.14-3.31.1
Ссылки
- Link for SUSE-SU-2021:3258-1
- E-Mail link for SUSE-SU-2021:3258-1
- SUSE Security Ratings
- SUSE Bug 1189877
- SUSE CVE CVE-2021-40346 page
Описание
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15:haproxy-2.0.14-3.31.1
Ссылки
- CVE-2021-40346
- SUSE Bug 1189877