Summary: | <net-proxy/haproxy-1.5.14: Information leak vulnerability (CVE-2015-3281) | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | bertrand, idl0r |
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | http://seclists.org/oss-sec/2015/q3/61 | |
Whiteboard: | B4 [noglsa/cve] | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 554048 | |
Bug Blocks: | | |
Description
Kristian Fiskerstrand (RETIRED)
2015-07-07 17:47:47 UTC
1.5.14 has just been added.

(In reply to Christian Ruppert (idl0r) from comment #1)
> 1.5.14 has just been added.

Thanks, please call arches when ready for stabilization

CVE-2015-3281 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3281): The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.

@Arches, please stabilize =net-proxy/haproxy-1.5.14

amd64 stable

x86 stable

ppc stable. Maintainer(s), please cleanup. Security, please vote.

Vote: no.

GLSA Vote: No

Maintainer(s), please drop the vulnerable version(s).