author: Salvatore Bonaccorso <carnil@debian.org> 2021-08-17 22:28:19 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-08-17 22:28:19 +0200
commit: 0ef64561227e59f8f24772a07d8b7a05db0d0e31
tree: ccd432a463acfde5c0b7f128166eb7531851fccc
parent: 8c03058321f784ff8c1eb42ae1f47bcec24a5fc4
[DSA 4960-1] haproxy security update
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
-rw-r--r-- english/security/2021/dsa-4960.data | 13
-rw-r--r-- english/security/2021/dsa-4960.wml | 28
2 files changed, 41 insertions, 0 deletions
diff --git a/english/security/2021/dsa-4960.data b/english/security/2021/dsa-4960.data
new file mode 100644
index 00000000000..bb318d5ddf0
--- /dev/null
+++ b/english/security/2021/dsa-4960.data
@@ -0,0 +1,13 @@
+<define-tag pagetitle>DSA-4960-1 haproxy</define-tag>
+<define-tag report_date>2021-8-17</define-tag>
+<define-tag secrefs>not yet assigned</define-tag>
+<define-tag packages>haproxy</define-tag>
+<define-tag isvulnerable>yes</define-tag>
+<define-tag fixed>yes</define-tag>
+<define-tag fixed-section>no</define-tag>
+
+#use wml::debian::security
+
+
+
+</dl>
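Review bot: the secrefs tag is set to "not yet assigned", so the advisory is published without any CVE reference for the request smuggling issues it describes. Please follow up on this file once the identifiers are allocated, so that readers and tooling can match the DSA to the corresponding security tracker entries rather than only to the package name.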
diff --git a/english/security/2021/dsa-4960.wml b/english/security/2021/dsa-4960.wml
new file mode 100644
index 00000000000..e7686b178e6
--- /dev/null
+++ b/english/security/2021/dsa-4960.wml
@@ -0,0 +1,28 @@
+<define-tag description>security update</define-tag>
+<define-tag moreinfo>
+<p>Several vulnerabilities were discovered in HAProxy, a fast and reliable
+load balancing reverse proxy, which can result in HTTP request
+smuggling. By carefully crafting HTTP/2 requests, it is possible to
+smuggle another HTTP request to the backend selected by the HTTP/2
+request. With certain configurations, it allows an attacker to send an
+HTTP request to a backend, circumventing the backend selection logic.</p>
+
+<p>Known workarounds are to disable HTTP/2 and set
+"tune.h2.max-concurrent-streams" to 0 in the <q>global</q> section.</p>
+
+ <p>global
+ tune.h2.max-concurrent-streams 0</p>
+
+<p>For the stable distribution (bullseye), these problems have been fixed in
+version 2.2.9-2+deb11u1.</p>
+
+<p>We recommend that you upgrade your haproxy packages.</p>
+
+<p>For the detailed security status of haproxy please refer to its security
+tracker page at:
+<a href="https://security-tracker.debian.org/tracker/haproxy">https://security-tracker.debian.org/tracker/haproxy</a></p>
+</define-tag>
+
+# do not modify the following line
+#include "$(ENGLISHDIR)/security/2021/dsa-4960.data"
+# $Id: $
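Review bot: the workaround snippet near the middle of moreinfo is wrapped in a paragraph element ("<p>global" followed by "tune.h2.max-concurrent-streams 0</p>"), so the line break is collapsed when rendered and the two lines appear as a single "global tune.h2.max-concurrent-streams 0", which is not what an administrator should paste into the configuration. Suggest a <pre> block so the section keyword and the directive stay on separate lines. The sentence before it, "disable HTTP/2 and set ... to 0", also reads as two independent steps; if both are required, saying so explicitly would avoid readers applying only one.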
