From secunia at $URL:

Description: A vulnerability has been reported in HAProxy, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused due to a boundary error when copying data into the trash buffer and can be exploited to cause a buffer overflow. Successful exploitation may allow execution of arbitrary code, but requires that the global.tune.bufsize configuration option is set to a value greater than the default and that header rewriting is configured e.g. via the reqrep or rsprep directives. The vulnerability is reported in version 1.4.20. Prior versions may also be affected.

Solution: Update to version 1.4.21.
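The advisory above ties exploitability to two configuration preconditions plus the version. The script below is an added example, not HAProxy's or Gentoo's code, that checks an haproxy.cfg for both preconditions and compares an installed version against 1.4.21. Assumptions not stated on this page: 16384 is taken as HAProxy 1.4's build-time default for tune.bufsize; reqirep and rsirep are counted as header-rewriting directives alongside the reqrep and rsprep the advisory names; "haproxy -v" is assumed to print a first line of the form "HA-Proxy version 1.4.20 2012/04/07". The two sample configs are constructed for the example.

```shell
#!/bin/sh
# Added example (not HAProxy's or Gentoo's code): flag an HAProxy deployment
# that meets the advisory's preconditions. The 16384 default for tune.bufsize
# and the "haproxy -v" output format are assumptions, not taken from the page.

DEFAULT_BUFSIZE=16384   # assumed build-time default of tune.bufsize in 1.4

# Effective tune.bufsize of a config file (last setting wins; default if unset).
cfg_bufsize() {
    awk -v def="$DEFAULT_BUFSIZE" '
        $1 == "tune.bufsize" && $2 ~ /^[0-9]+$/ { v = $2 }
        END { print (v == "" ? def : v) }' "$1"
}

# True (exit 0) when the config uses a header-rewriting directive.
cfg_rewrites_headers() {
    awk '$1 ~ /^(reqrep|reqirep|rsprep|rsirep)$/ { found = 1 }
         END { exit !found }' "$1"
}

# True when both preconditions from the advisory hold for this config.
cfg_exposed() {
    [ "$(cfg_bufsize "$1")" -gt "$DEFAULT_BUFSIZE" ] && cfg_rewrites_headers "$1"
}

# True when version "$1" (major.minor[.patch][-suffix]) is older than 1.4.21.
version_before_fix() {
    maj=${1%%.*}; rest=${1#*.}
    case $rest in
        *.*) min=${rest%%.*}; pat=${rest#*.} ;;
        *)   min=$rest; pat=0 ;;
    esac
    pat=${pat%%[!0-9]*}          # drop a Gentoo-style "-r1" or similar suffix
    if [ "$maj" -ne 1 ]; then [ "$maj" -lt 1 ]
    elif [ "$min" -ne 4 ]; then [ "$min" -lt 4 ]
    else [ "${pat:-0}" -lt 21 ]
    fi
}

# Extract the version from "haproxy -v" output read on stdin
# (assumed first line: "HA-Proxy version 1.4.20 2012/04/07").
haproxy_version_from() {
    awk '$1 == "HA-Proxy" && $2 == "version" { print $3; exit }'
}

# Write two constructed sample configs into directory $1:
# exposed.cfg raises tune.bufsize and rewrites a header; safe.cfg rewrites
# a header but leaves tune.bufsize at its default.
write_samples() {
    cat > "$1/exposed.cfg" <<'EOF'
global
    tune.bufsize 32768
defaults
    mode http
frontend fe
    bind :80
    reqrep ^Host:\ old\.example\.com Host:\ new.example.com
    default_backend be
backend be
    server s1 127.0.0.1:8080
EOF
    cat > "$1/safe.cfg" <<'EOF'
global
defaults
    mode http
frontend fe
    bind :80
    reqrep ^Host:\ old\.example\.com Host:\ new.example.com
    default_backend be
backend be
    server s1 127.0.0.1:8080
EOF
}

# Demo on the constructed samples; also checks the installed binary if present.
tmp=$(mktemp -d); write_samples "$tmp"
for f in "$tmp"/exposed.cfg "$tmp"/safe.cfg; do
    if cfg_exposed "$f"; then echo "$f: both preconditions met"
    else echo "$f: not exposed by this config"; fi
done
if command -v haproxy >/dev/null 2>&1; then
    ver=$(haproxy -v 2>/dev/null | haproxy_version_from)
    if [ -n "$ver" ] && version_before_fix "$ver"; then
        echo "installed haproxy $ver: update to 1.4.21"
    fi
fi
rm -rf "$tmp"
```

The config check only tells you whether the preconditions the advisory names are present; a config that fails it is still running vulnerable code if the version is older than 1.4.21, so treat the version comparison as the authoritative signal and the config check as a prioritisation aid.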
1.4.21 has just been committed.
arches, please test and mark stable: =net-proxy/haproxy-1.4.21 target KEYWORDS : "amd64 ppc x86"
x86 stable
amd64 stable
No problems with it in production btw. *ping ppc*
ppc done
Thanks, folks. GLSA request filed.
CVE-2012-2942 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2942): Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors.
Duplicate CVE identifiers have been assigned to this issue. Red Hat has requested clarification/rejection from Mitre [1], but there has not been a response as of yet. [1] http://www.openwall.com/lists/oss-security/2012/05/28/1
(In reply to comment #9)
> Duplicate CVE identifiers have been assigned to this issue. Red Hat has
> requested clarification/rejection from Mitre [1], but there has not been a
> response as of yet.
>
> [1] http://www.openwall.com/lists/oss-security/2012/05/28/1

Vulnerability Summary for CVE-2012-2391
Original release date: 08/17/2012
Last revised: 08/17/2012
Source: US-CERT/NIST

Overview
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2942. Reason: This candidate is a duplicate of CVE-2012-2942. Notes: All CVE users should reference CVE-2012-2942 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
This issue was resolved and addressed in GLSA 201301-02 at http://security.gentoo.org/glsa/glsa-201301-02.xml by GLSA coordinator Sean Amoss (ackle).