Lucene search
SuseOPENSUSE-SU-2019:0044-1HistoryJan 12, 2019 - 12:00 a.m.
Security update for haproxy (important)
2019-01-1200:00:00
lists.opensuse.org
218
0.009 Low
EPSS
Percentile
82.5%
An update that fixes two vulnerabilities is now available.
Description:
This update for haproxy to version 1.8.15 fixes the following issues:
Security issues fixed:
- CVE-2018-20102: Fixed an out-of-bounds read in
dns_validate_dns_response(), which allowed for memory disclosure
(bsc#1119368) - CVE-2018-20103: Fixed an infinite recursion via crafted packet allows
stack exhaustion and denial of service (bsc#1119419)
Other notable bug fixes:
- Fix off-by-one write in dns_validate_dns_response()
- Fix out-of-bounds read via signedness error in
dns_validate_dns_response() - Prevent out-of-bounds read in dns_validate_dns_response()
- Prevent out-of-bounds read in dns_read_name()
- Prevent stack-exhaustion via recursion loop in dns_read_name
For a full list of changes, please refer to:
https://www.haproxy.org/download/1.8/src/CHANGELOG
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-44=1
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Leap | 15.0 | x86_64 | < - openSUSE Leap 15.0 (x86_64): | - openSUSE Leap 15.0 (x86_64):.x86_64.rpm |
Related
fedora
fedora
[SECURITY] Fedora 28 Update: haproxy-1.8.17-1.fc28
2019-01-25 02:45:07
[SECURITY] Fedora 28 Update: haproxy-1.8.15-1.fc28
2019-01-11 02:59:52
[SECURITY] Fedora 29 Update: haproxy-1.8.15-1.fc29
2019-01-11 04:34:53
nessus
nessus
Photon OS 1.0: Haproxy PHSA-2019-1.0-0220
2019-05-15 00:00:00
openSUSE Security Update : haproxy (openSUSE-2019-44)
2019-01-14 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS : HAProxy vulnerabilities (USN-3858-1)
2019-01-16 00:00:00
archlinux
archlinux
[ASA-201901-15] haproxy: denial of service
2019-01-24 00:00:00
openvas
openvas
openSUSE: Security Advisory for haproxy (openSUSE-SU-2019:0044-1)
2019-01-12 00:00:00
Fedora Update for haproxy FEDORA-2018-2abadd4469
2019-01-12 00:00:00
Debian: Security Advisory (DLA-3034-1)
2022-06-01 00:00:00
osv
osv
haproxy - security update
2022-05-30 00:00:00
CVE-2018-20103
2018-12-12 17:29:00
CVE-2018-20102
2018-12-12 17:29:00
debian
debian
[SECURITY] [DLA 3034-1] haproxy security update
2022-05-30 16:20:11
redhat
redhat
ubuntu
ubuntu
HAProxy vulnerabilities
2019-01-15 00:00:00
photon
photon
ibm
ibm
prion
prion
Stack overflow
2018-12-12 17:29:00
Design/Logic Flaw
2018-12-12 17:29:00
debiancve
debiancve
CVE-2018-20103
2018-12-12 17:29:00
CVE-2018-20102
2018-12-12 17:29:00
cve
cve
CVE-2018-20103
2018-12-12 17:29:00
CVE-2018-20102
2018-12-12 17:29:00
ubuntucve
ubuntucve
CVE-2018-20102
2018-12-12 00:00:00
CVE-2018-20103
2018-12-12 00:00:00
redhatcve
redhatcve
CVE-2018-20102
2020-04-09 10:51:19
CVE-2018-20103
2020-04-09 07:09:19
veracode
veracode
Denial Of Service (DoS)
2019-05-16 03:24:03
Information Disclosure
2019-05-16 03:24:02
nvd
nvd
CVE-2018-20102
2018-12-12 17:29:00
CVE-2018-20103
2018-12-12 17:29:00
checkpoint_advisories
checkpoint_advisories
HAProxy Compressed Name Denial of Service (CVE-2018-20103)
2019-04-16 00:00:00
cvelist
cvelist
CVE-2018-20103
2018-12-12 17:00:00
CVE-2018-20102
2018-12-12 17:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1851
2021-07-02 17:04:24