Bug 662900 (CVE-2018-11469)

Summary: <net-proxy/haproxy-1.8.13: information disclosure in check_request_for_cacheability function in proto_http.c (CVE-2018-11469)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: bertrand, idl0r, ppc
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B4 [noglsa cve]
Package list:
net-proxy/haproxy-1.8.13
Runtime testing required: ---
Bug Depends on: 668002    
Bug Blocks:    

Description GLSAMaker/CVETool Bot gentoo-dev 2018-08-05 23:31:17 UTC
CVE-2018-11469 (https://nvd.nist.gov/vuln/detail/CVE-2018-11469):
  Incorrect caching of responses to requests including an Authorization header
  in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to
  achieve information disclosure via an unauthenticated remote request,
  related to the proto_http.c check_request_for_cacheability function.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-05 23:32:44 UTC
@ Maintainer(s): Can we start stabilization of =net-proxy/haproxy-1.8.13?

Comment 2 Christian Ruppert (idl0r) gentoo-dev 2018-08-06 07:05:32 UTC
Yeah, feel free to stabilize 1.8.13.

Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-06 22:21:32 UTC
x86 stable

Comment 4 Agostino Sarubbo gentoo-dev 2018-08-07 08:50:52 UTC
amd64 stable

Comment 5 Markus Meier gentoo-dev 2018-08-22 04:58:20 UTC
arm stable