haproxy-1.8.27-5.el8_10.1

エラータID: AXSA:2024-8984:02

Release date: 
Tuesday, November 12, 2024 - 17:50
Subject: 
haproxy-1.8.27-5.el8_10.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications.

Security Fix(es):

* haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers (CVE-2023-45539)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-45539
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.

Solution: 

Update packages.

CVEs: 
CVE-2023-45539
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
Additional Info: 

N/A

Download: 

SRPMS
  1. haproxy-1.8.27-5.el8_10.1.src.rpm
    MD5: 6e3c2688a43ca9b32e63d5be0eb7d935
    SHA-256: d05135b0c3ffd24681c20e61a568cc19d94c5edd75208f117b76b9160edd9596
    Size: 2.15 MB

Asianux Server 8 for x86_64
  1. haproxy-1.8.27-5.el8_10.1.x86_64.rpm
    MD5: 86e847036ee70bd6c71828c3250d59f8
    SHA-256: b0aa8c66d6ec24707412b0865ff3e8b6546dc7f878fbabc18c565c0896065c7e
    Size: 1.42 MB