haproxy-1.8.15-6.el8.1
Errata ID: AXSA:2020-172:01
Release date:
Monday, June 22, 2020 - 11:19
Subject:
haproxy-1.8.15-6.el8.1
Affected Channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications.
Security Fix(es):
* haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes (CVE-2020-11100)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2020-11100
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
Solution:
Update packages.
CVEs:
CVE-2020-11100
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
Additional Info:
N/A
Download:
SRPMS
- haproxy-1.8.15-6.el8.1.src.rpm
MD5: 011df9e0ca3565e7edf6960c0963a576
SHA-256: b31a04f064685f2ab04a1a7f46f86a931e0d75134fe437943d984f5c2f9464a2
Size: 2.01 MB
Asianux Server 8 for x86_64
- haproxy-1.8.15-6.el8.1.x86_64.rpm
MD5: 496a0972d60673976f3c8e7ea26c602e
SHA-256: d649e6844a37de117805b035af968e67caf35909f33f2eba302975321ffd0dbe
Size: 1.32 MB