Lucene search

CentOS ProjectCESA-2014:1292

HistorySep 24, 2014 - 3:09 p.m.

haproxy security update

2014-09-2415:09:39

CentOS Project

lists.centos.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.056

Percentile

93.3%

JSON

CentOS Errata and Security Advisory CESA-2014:1292

HAProxy provides high availability, load balancing, and proxying for TCP
and HTTP-based applications.

A buffer overflow flaw was discovered in the way HAProxy handled, under
very specific conditions, data uploaded from a client. A remote attacker
could possibly use this flaw to crash HAProxy. (CVE-2014-6269)

All haproxy users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-September/082746.html

Affected packages:
haproxy

Upstream details at:
https://access.redhat.com/errata/RHSA-2014:1292

OSVersionArchitecturePackageVersionFilename
CentOS7x86_64haproxy< 1.5.2-3.el7_0haproxy-1.5.2-3.el7_0.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	7	x86_64	haproxy	< 1.5.2-3.el7_0	haproxy-1.5.2-3.el7_0.x86_64.rpm

References

steadfast.net/

rhn.redhat.com/errata/RHSA-2014-1292.html

twitter.com/centos

www.facebook.com/groups/centosproject/

www.linkedin.com/groups/22405

www.reddit.com/r/CentOS/

youtube.com/TheCentOSProject

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.056

Percentile

93.3%

JSON

Related for CESA-2014:1292