| Summary: | <net-proxy/haproxy-{2.2.29, 2.4.22}: multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | IN_PROGRESS --- | | |
| Severity: | minor | CC: | bertrand, idl0r |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B3 [cleanup] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 894526 | | |
| Bug Blocks: | | | |

Description
Sam James
2023-02-15 03:42:31 UTC
Fixed versions are already in the tree. Feel free to stabilize:
net-proxy/haproxy-2.2.29
net-proxy/haproxy-2.4.22

(In reply to Christian Ruppert (idl0r) from comment #1)
> Fixed versions are already in the tree. Feel free to stabilize:
> net-proxy/haproxy-2.2.29
> net-proxy/haproxy-2.4.22

Thanks!

CVE-2023-0836 (https://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=2e6bf0a):

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.

Please clean up the vulnerable version 2.4.18.
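
The flaw class named in the CVE-2023-0836 text above, sketched in C as an added example that is not part of this bug report and is not HAProxy's code: an encoder that skips the 5 reserved bytes of the FCGI_BEGIN_REQUEST body, the same encoder with those bytes zeroed, and a check usable in a test harness. The record layout follows the FastCGI 1.0 specification; the function names and the `'S'` buffer fill are constructed for illustration.

```c
/* Added illustration, not HAProxy source; record layout per the FastCGI 1.0 spec. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FCGI_VERSION_1     1
#define FCGI_BEGIN_REQUEST 1
#define FCGI_RESPONDER     1
#define FCGI_RECORD_LEN    16   /* 8-byte header + 8-byte BEGIN_REQUEST body */

/* Flawed pattern: body bytes 11..15 (reserved[5]) are never written, so they
 * keep whatever the buffer held before and are sent to the backend. */
size_t encode_begin_leaky(uint8_t *b, size_t cap, uint16_t id, uint16_t role, uint8_t flags)
{
    if (cap < FCGI_RECORD_LEN) return 0;
    b[0] = FCGI_VERSION_1;       b[1] = FCGI_BEGIN_REQUEST;
    b[2] = (uint8_t)(id >> 8);   b[3] = (uint8_t)(id & 0xff);
    b[4] = 0;                    b[5] = 8;   /* contentLength = 8 */
    b[6] = 0;                    b[7] = 0;   /* paddingLength, header reserved */
    b[8] = (uint8_t)(role >> 8); b[9] = (uint8_t)(role & 0xff);
    b[10] = flags;
    return FCGI_RECORD_LEN;
}

/* Hardened pattern: same fields, then reserved[5] explicitly zeroed. */
size_t encode_begin_zeroed(uint8_t *b, size_t cap, uint16_t id, uint16_t role, uint8_t flags)
{
    size_t n = encode_begin_leaky(b, cap, id, role, flags);
    if (n) memset(b + 11, 0, 5);
    return n;
}

/* Test-side check: number of non-zero reserved bytes, or -1 if not BEGIN_REQUEST. */
int begin_request_stale_bytes(const uint8_t *rec, size_t len)
{
    int n = 0;
    if (len < FCGI_RECORD_LEN || rec[0] != FCGI_VERSION_1 || rec[1] != FCGI_BEGIN_REQUEST)
        return -1;
    for (size_t i = 11; i < FCGI_RECORD_LEN; i++) n += (rec[i] != 0);
    return n;
}

/* Constructed demo: 'S' fill stands in for earlier data in a reused buffer. */
int demo(int zeroed)
{
    uint8_t buf[32];
    memset(buf, 'S', sizeof buf);
    size_t n = (zeroed ? encode_begin_zeroed : encode_begin_leaky)(buf, sizeof buf, 1, FCGI_RESPONDER, 0);
    return begin_request_stale_bytes(buf, n);
}

int main(void) { return demo(1); }
```

A check like `begin_request_stale_bytes` only catches stale bytes that happen to be non-zero, so it suits regression tests with a pre-filled buffer rather than production monitoring.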