662900 – (CVE-2018-11469) <net-proxy/haproxy-1.8.13: information disclosure in check_request_for_cacheability function in proto_http.c (CVE-2018-11469)

Bug 662900 (CVE-2018-11469) - <net-proxy/haproxy-1.8.13: information disclosure in check_request_for_cacheability function in proto_http.c (CVE-2018-11469)

Summary: <net-proxy/haproxy-1.8.13: information disclosure in check_request_for_cachea...

Status:	RESOLVED FIXED

Alias:	CVE-2018-11469

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B4 [noglsa cve]
Keywords:

Depends on:	668002
Blocks:
	Show dependency tree

Reported:	2018-08-05 23:31 UTC by GLSAMaker/CVETool Bot
Modified:	2020-04-01 19:33 UTC (History)
CC List:	3 users (show)

See Also:
Package list:	net-proxy/haproxy-1.8.13
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2018-08-05 23:31:17 UTC

CVE-2018-11469 (https://nvd.nist.gov/vuln/detail/CVE-2018-11469):
  Incorrect caching of responses to requests including an Authorization header
  in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to
  achieve information disclosure via an unauthenticated remote request,
  related to the proto_http.c check_request_for_cacheability function.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2018-08-05 23:32:44 UTC

@ Maintainer(s): Can we start stabilization of =net-proxy/haproxy-1.8.13?

Comment 2 Christian Ruppert (idl0r) gentoo-dev

2018-08-06 07:05:32 UTC

Yeah, feel free to stabilize 1.8.13.

Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev

2018-08-06 22:21:32 UTC

x86 stable

Comment 4 Agostino Sarubbo gentoo-dev

2018-08-07 08:50:52 UTC

amd64 stable

Comment 5 Markus Meier gentoo-dev

2018-08-22 04:58:20 UTC

arm stable