Summary: | net-proxy/haproxy: multiple vulnerabilities | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | |
Severity: | trivial | CC: | idl0r |
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://jvn.jp/en/jp/JVN38170084/ | |
Whiteboard: | ~3 [stable] | |
Package list: | | Runtime testing required: | --- |
Description
John Helmert III
CVE-2023-0056 (https://access.redhat.com/security/cve/CVE-2023-0056):

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.

... but, there's an upstream bug in haproxy: https://github.com/haproxy/haproxy/issues/1972

Are we affected?

> Does this vulnerability affect older branches?

No

> Are we affected?

Some old versions are still in the repo. Waiting for stabilizing via bug 894526 and bug 900737

(In reply to Christian Ruppert (idl0r) from comment #2)
> > Does this vulnerability affect older branches?
> No
>
> > Are we affected?
> Some old versions are still in the repo. Waiting for stabilizing via bug
> 894526 and bug 900737

So, what are the fixed versions for the purposes of this bug?