You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa haproxy

Sigurnosni nedostatak programskog paketa haproxy

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2015-11255
2015-07-10 16:32:23
——————————————————————————–

Name : haproxy
Product : Fedora 21
Version : 1.5.14
Release : 1.fc21
URL : http://www.haproxy.org/
Summary : HAProxy reverse proxy for high availability environments
Description :
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
availability environments. Indeed, it can:
– route HTTP requests depending on statically assigned cookies
– spread load among several servers while assuring server persistence
through the use of HTTP cookies
– switch to backup servers in the event a main one fails
– accept connections to special ports dedicated to service monitoring
– stop accepting connections without breaking existing ones
– add, modify, and delete HTTP headers in both directions
– block requests matching particular patterns
– report detailed status to authenticated users from a URI
intercepted from the application

——————————————————————————–
Update Information:

Security fix for CVE-2015-3281
——————————————————————————–
ChangeLog:

* Mon Jul 6 2015 Ryan O’Hara <rohara@redhat.com> – 1.5.14-1
– Update to 1.5.14 (CVE-2015-3281, #1239181)
* Fri Jun 26 2015 Ryan O’Hara <rohara@redhat.com> – 1.5.13-1
– Update to 1.5.13 (#1236056)
* Tue May 5 2015 Ryan O’Hara <rohara@redhat.com> – 1.5.12-1
– Update to 1.5.12 (#1217922)
* Wed Mar 4 2015 Ryan O’Hara <rohara@redhat.com> – 1.5.11-4
– Rework systemd service and sysconfig file
* Wed Feb 11 2015 Ryan O’Hara <rohara@redhat.com> – 1.5.11-3
– Add sysconfig file
* Tue Feb 10 2015 Ryan O’Hara <rohara@redhat.com> – 1.5.11-2
– Add tcp-ut bind option to set TCP_USER_TIMEOUT (#1190783)
* Sun Feb 1 2015 Ryan O’Hara <rohara@redhat.com> – 1.5.11-1
– Update to 1.5.11 (#1188029)
* Mon Jan 5 2015 Ryan O’Hara <rohara@redhat.com> – 1.5.10-1
– Update to 1.5.10
* Mon Dec 1 2014 Ryan O’Hara <rohara@redhat.com> – 1.5.9-1
– Update to 1.5.9
——————————————————————————–
References:

[ 1 ] Bug #1239072 – CVE-2015-3281 haproxy: information leak in buffer_slow_realign()
https://bugzilla.redhat.com/show_bug.cgi?id=1239072
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update haproxy’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2015-11267
2015-07-10 16:33:25
——————————————————————————–

Name : haproxy
Product : Fedora 22
Version : 1.5.14
Release : 1.fc22
URL : http://www.haproxy.org/
Summary : HAProxy reverse proxy for high availability environments
Description :
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
availability environments. Indeed, it can:
– route HTTP requests depending on statically assigned cookies
– spread load among several servers while assuring server persistence
through the use of HTTP cookies
– switch to backup servers in the event a main one fails
– accept connections to special ports dedicated to service monitoring
– stop accepting connections without breaking existing ones
– add, modify, and delete HTTP headers in both directions
– block requests matching particular patterns
– report detailed status to authenticated users from a URI
intercepted from the application

——————————————————————————–
Update Information:

Security fix for CVE-2015-3281
——————————————————————————–
ChangeLog:

* Mon Jul 6 2015 Ryan O’Hara <rohara@redhat.com> – 1.5.14-1
– Update to 1.5.14 (CVE-2015-3281, #1239181)
* Fri Jun 26 2015 Ryan O’Hara <rohara@redhat.com> – 1.5.13-1
– Update to 1.5.13 (#1236056)
* Tue May 5 2015 Ryan O’Hara <rohara@redhat.com> – 1.5.12-1
– Update to 1.5.12 (#1217922)
——————————————————————————–
References:

[ 1 ] Bug #1239072 – CVE-2015-3281 haproxy: information leak in buffer_slow_realign()
https://bugzilla.redhat.com/show_bug.cgi?id=1239072
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update haproxy’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

AutorMarko Stanec
Cert idNCERT-REF-2015-07-0012-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
Top
More in Preporuke
Ranjivost programskog paketa tcp

Otkrivena je ranjivost u tehnici za virtualiziranje mrežnog stoga - VNET unutar programskog paketa tcp za FreeBSD. Potencijalni napadač ranjivost...

Close