Description
Security update for haproxy
This update for haproxy fixes the following issues:
- CVE-2023-45539: Fixed misinterpretation of a path_end rule with # as part of the URI component (bsc#1217653).
Package list
SUSE Linux Enterprise High Availability Extension 15 SP4
haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1
SUSE Linux Enterprise High Availability Extension 15 SP5
haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1
SUSE Linux Enterprise Micro 5.3
haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1
SUSE Linux Enterprise Micro 5.4
haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1
SUSE Linux Enterprise Micro 5.5
haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1
openSUSE Leap 15.4
haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1
openSUSE Leap 15.5
haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1
openSUSE Leap Micro 5.3
haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1
openSUSE Leap Micro 5.4
haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1
References
- Link for SUSE-SU-2023:4647-1
- E-Mail link for SUSE-SU-2023:4647-1
- SUSE Security Ratings
- SUSE Bug 1217653
- SUSE CVE CVE-2023-45539 page
Description
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
Affected products
SUSE Linux Enterprise High Availability Extension 15 SP4:haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1
SUSE Linux Enterprise High Availability Extension 15 SP5:haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1
SUSE Linux Enterprise Micro 5.3:haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1
SUSE Linux Enterprise Micro 5.4:haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1
References
- CVE-2023-45539
- SUSE Bug 1217653