CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile: 71.4%
CentOS Errata and Security Advisory CESA-2015:1741
HAProxy provides high availability, load balancing, and proxying for TCP
and HTTP-based applications.
An implementation error related to the memory management of requests and
responses was found within HAProxy’s buffer_slow_realign() function.
An unauthenticated remote attacker could possibly use this flaw to leak
certain memory buffer contents from a past request or session.
(CVE-2015-3281)
All haproxy users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2015-September/083538.html
https://lists.centos.org/pipermail/centos-announce/2015-September/083540.html
Affected packages:
haproxy
Upstream details at:
https://access.redhat.com/errata/RHSA-2015:1741
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | haproxy | < 1.5.4-2.el6_7.1 | haproxy-1.5.4-2.el6_7.1.i686.rpm |
CentOS | 6 | x86_64 | haproxy | < 1.5.4-2.el6_7.1 | haproxy-1.5.4-2.el6_7.1.x86_64.rpm |
CentOS | 7 | x86_64 | haproxy | < 1.5.4-4.el7_1.1 | haproxy-1.5.4-4.el7_1.1.x86_64.rpm |