Описание
Security update for haproxy
This update for haproxy fixes the following issues:
- CVE-2024-53008: Fixed HTTP/3 request smuggling via malformed HTTP headers forwarded to a HTTP/1.1 non-compliant back-end server (bsc#1233973)
Other fixes:
- Update to version 2.8.11
Список пакетов
SUSE Linux Enterprise High Availability Extension 15 SP6
haproxy-2.8.11+git0.01c1056a4-150600.3.3.1
openSUSE Leap 15.6
haproxy-2.8.11+git0.01c1056a4-150600.3.3.1
Ссылки
- Link for SUSE-SU-2024:4390-1
- E-Mail link for SUSE-SU-2024:4390-1
- SUSE Security Ratings
- SUSE Bug 1233973
- SUSE CVE CVE-2024-53008 page
Описание
Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information.
Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15 SP6:haproxy-2.8.11+git0.01c1056a4-150600.3.3.1
openSUSE Leap 15.6:haproxy-2.8.11+git0.01c1056a4-150600.3.3.1
Ссылки
- CVE-2024-53008
- SUSE Bug 1233973