haproxy-1.4.22-5.AXS4

エラータID: AXSA:2013-584:02

Release date: 
Friday, August 2, 2013 - 11:34
Subject: 
haproxy-1.4.22-5.AXS4
Affected Channels: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
High
Description: 

HAProxy is a free, fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for web sites crawling under very high loads while needing persistence or Layer7 processing. Supporting tens of thousands of connections is clearly realistic with modern hardware. Its mode of operation makes integration with existing architectures very easy and riskless, while still offering the possibility not to expose fragile web servers to the net.

Security issues fixed with this release:

• CVE-2013-2175
No information available at the time of writing, please refer to the CVE link below.

Solution: 

Update packages.

CVEs: 
CVE-2013-2175
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.


Additional Info: 

N/A

Download: 

SRPMS
  1. haproxy-1.4.22-5.AXS4.src.rpm
    MD5: e608ff993b7d3706e22b05401a4d1475
    SHA-256: 5860e402e6355f145f09cb7197ea5970d9dc0eb2ef0f4400828fe60974bdb780
    Size: 816.69 kB

Asianux Server 4 for x86
  1. haproxy-1.4.22-5.AXS4.i686.rpm
    MD5: 60c2ddbf9a24662c8c83915cf7b90e46
    SHA-256: 1f247258b4571634fd55739f66801f5f150ae67a29b111558ee62a39e5d00a4d
    Size: 441.20 kB

Asianux Server 4 for x86_64
  1. haproxy-1.4.22-5.AXS4.x86_64.rpm
    MD5: 1d3ab95478ad38a71b3c694c4d168f14
    SHA-256: 76634f7c8b0600e37a1c0fa3771b6ea3647be152a046126fddee582c07747f70
    Size: 451.04 kB