HAProxy CVE http://seclists.org/oss-sec/2013/q2/581

Asked by Keri Meredith

Per the HAProxy site (http://haproxy.1wt.eu/), all 1.4 versions should be upgraded. Or does this not include HAProxy on Ubuntu for some reason?

Question information

Language: English
Status: Solved
For: Ubuntu haproxy
Assignee: No assignee
Solved by: Keri Meredith
actionparsnip (andrew-woodhead666) said:
#1

I suggest you report a bug. If the bug and security fixes are significant, it will be upgraded sooner. Packages are not upgraded simply because new versions are released.

Keri Meredith (kmeredith) said:
#2

Thanks - one of our developers pointed me to this:

http://changelogs.ubuntu.com/changelogs/pool/main/h/haproxy/haproxy_1.4.18-0ubuntu1.2/changelog
... which shows that the CVE was taken care of:
haproxy (1.4.18-0ubuntu1.2) precise-security; urgency=low

  * SECURITY UPDATE: denial of service in HTTP header parsing
    - debian/patches/CVE-2013-2175.patch: properly calculate the header
      field count in src/proto_http.c.
    - CVE-2013-2175

(It was a little confusing to me since I was looking for 1.4.24, which is what http://haproxy.1wt.eu/ points me to.)

Thanks for the prompt reply. kjm
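The check a practitioner wants after reading this thread, added here as an example (it is not code from the thread, from Ubuntu or from the HAProxy project): a distribution backports a security fix, so the fixed Ubuntu package keeps the old upstream number (1.4.18-0ubuntu1.2) while the upstream site advertises 1.4.24. Comparing the installed package against the upstream release number therefore gives the wrong answer; the right comparison is the installed package version, in dpkg's ordering, against the package version whose Debian changelog entry names the CVE. The block reimplements dpkg's version ordering in Python and parses a changelog in Debian format. The changelog text is constructed for the example (the 1.4.18-0ubuntu1.2 entry is the one quoted in the previous reply; the 1.4.18-0ubuntu1 entry is a placeholder), and the function names are my own.

```python
"""Added example; not code from the Launchpad thread, Ubuntu or HAProxy.
Decides whether an installed Ubuntu haproxy version carries a CVE fix the
way the distribution does: dpkg version ordering against the package version
whose Debian changelog entry names the CVE, not against the upstream release
number.  CHANGELOG is constructed: its first entry is the one quoted in the
thread, the second is a placeholder for the earlier package."""
import re

CHANGELOG = """\
haproxy (1.4.18-0ubuntu1.2) precise-security; urgency=low

  * SECURITY UPDATE: denial of service in HTTP header parsing
    - debian/patches/CVE-2013-2175.patch: properly calculate the header
      field count in src/proto_http.c.
    - CVE-2013-2175

haproxy (1.4.18-0ubuntu1) precise; urgency=low

  * Placeholder entry, constructed for this example.
"""

# Debian changelog entry header: "pkg (version) distribution; urgency=..."
_HEADER = re.compile(r"^(\S+) \(([^)]+)\) (\S+); urgency=(\S+)")

def parse_changelog(text):
    """Return [(version, body)] in file order, i.e. newest entry first."""
    entries, version, body = [], None, []
    for line in text.splitlines():
        m = _HEADER.match(line)
        if m:
            if version is not None:
                entries.append((version, "\n".join(body)))
            version, body = m.group(2), []
        elif version is not None:
            body.append(line)
    if version is not None:
        entries.append((version, "\n".join(body)))
    return entries

def fix_version_for(cve, text):
    """Oldest package version whose changelog entry names the CVE, or None."""
    found = None
    for version, body in parse_changelog(text):
        if re.search(r"\b" + re.escape(cve) + r"\b", body):
            found = version  # entries are newest first, so keep the last hit
    return found

def _order(c):
    """dpkg weight for a non-digit character: "~" first, letters before punctuation."""
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return 0 if c.isdigit() else ord(c) + 256

def _verrevcmp(a, b):
    """dpkg's verrevcmp: alternate non-digit runs (by _order) and numeric runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0   # end of string weighs 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        while i < len(a) and a[i] == "0": i += 1     # leading zeros are ignored
        while j < len(b) and b[j] == "0": j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i, j = i + 1, j + 1
        if i < len(a) and a[i].isdigit():
            return 1                                  # longer numeric run wins
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0

def _split(version):
    """Split "[epoch:]upstream[-revision]" into (epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """Same ordering as `dpkg --compare-versions`: negative, zero or positive."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return ea - eb
    return _verrevcmp(ua, ub) or _verrevcmp(ra, rb)

def is_fixed(installed, cve, changelog=CHANGELOG):
    """True if installed is at or past the package version whose entry names the CVE."""
    fixed = fix_version_for(cve, changelog)
    return fixed is not None and compare_versions(installed, fixed) >= 0
```

On a real host the two inputs come from the package itself: `dpkg-query -W -f='${Version}\n' haproxy` prints the installed version and `zcat /usr/share/doc/haproxy/changelog.Debian.gz` the changelog, and `dpkg --compare-versions` is the native equivalent of compare_versions. The check answers only what the package metadata says; a running haproxy process started before the upgrade still has the old code until it is restarted.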