Description
Security update for haproxy
This update for haproxy fixes the following issues:
- CVE-2023-40225: Fixed request smuggling with empty content-length header value (bsc#1214102).
Package list
Container ses/7.1/ceph/haproxy:latest
haproxy-2.0.31-150200.11.23.1
SUSE Linux Enterprise High Availability Extension 15 SP2
haproxy-2.0.31-150200.11.23.1
SUSE Linux Enterprise High Availability Extension 15 SP3
haproxy-2.0.31-150200.11.23.1
References
- Link for SUSE-SU-2023:3490-1
- E-Mail link for SUSE-SU-2023:3490-1
- SUSE Security Ratings
- SUSE Bug 1214102
- SUSE CVE CVE-2023-40225 page
Description
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.
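The check a strict HTTP/1 recipient applies to this header can be sketched as follows. This is an added example, not code from the SUSE advisory or from HAProxy; the function name `check_content_length` and the sample requests are hypothetical and constructed for illustration.

```python
import re
from typing import Optional, Tuple

# RFC 9110 section 8.6: Content-Length = 1*DIGIT, so an empty value is invalid.
_DECIMAL = re.compile(rb"[0-9]+")

# Constructed sample request heads (not captured traffic); host name is made up.
EMPTY_CL = b"POST /upload HTTP/1.1\r\nHost: app.example\r\nContent-Length:\r\n\r\n"
VALID_CL = b"POST /upload HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n\r\nhello"


def check_content_length(raw: bytes) -> Tuple[str, Optional[int]]:
    """Hypothetical helper: classify Content-Length in a raw HTTP/1 request.

    Returns ("absent", None), ("ok", length) or ("reject", None).
    """
    head = raw.split(b"\r\n\r\n", 1)[0]
    values = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        # No colon, or whitespace around the field name: malformed, reject.
        if not sep or name != name.strip(b" \t"):
            return ("reject", None)
        if name.lower() == b"content-length":
            # Repeated header lines and comma lists are checked member by member.
            values.extend(v.strip(b" \t") for v in value.split(b","))
    if not values:
        return ("absent", None)
    # Empty, signed or non-decimal members all fail the 1*DIGIT grammar.
    if any(not _DECIMAL.fullmatch(v) for v in values):
        return ("reject", None)
    lengths = {int(v) for v in values}
    if len(lengths) != 1:
        return ("reject", None)  # conflicting lengths
    return ("ok", lengths.pop())


if __name__ == "__main__":
    for label, request in (("empty", EMPTY_CL), ("valid", VALID_CL)):
        print(label, check_content_length(request))
```

Rejecting the message, rather than forwarding the header unchanged, keeps the proxy and the server behind it from disagreeing about where the request body ends.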
Affected products
Container ses/7.1/ceph/haproxy:latest:haproxy-2.0.31-150200.11.23.1
SUSE Linux Enterprise High Availability Extension 15 SP2:haproxy-2.0.31-150200.11.23.1
SUSE Linux Enterprise High Availability Extension 15 SP3:haproxy-2.0.31-150200.11.23.1
References
- CVE-2023-40225
- SUSE Bug 1214102