==========================================================================
Ubuntu Security Notice USN-4321-1
April 07, 2020
haproxy vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.10
– Ubuntu 18.04 LTS
Summary:
HAProxy could be made to execute arbitrary code if it received a specially crafted HTTP/2 request.
Software Description:
– haproxy: fast and reliable load balancing reverse proxy
Details:
Felix Wilhelm discovered that HAProxy incorrectly handled certain HTTP/2 requests.
An attacker could possibly use this to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.10:
haproxy 2.0.5-1ubuntu0.4
Ubuntu 18.04 LTS:
haproxy 1.8.8-1ubuntu0.10
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4321-1
CVE-2020-11100
Package Information:
https://launchpad.net/ubuntu/+source/haproxy/2.0.5-1ubuntu0.4
https://launchpad.net/ubuntu/+source/haproxy/1.8.8-1ubuntu0.10
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl6MetUACgkQRbznW4QL
H2kpkQ//RW+BWsW5JrqSvms0q4IBQsX8gAeoN5O1t2RED9oLw46kqzpIhNrQaWQE
pNJkuMvDRFCRn+gObd2sZhwQE7MTvfE1Fv3xfA2FIKfGzkSsGve9sAIaHjkm2Xas
zBGMxQ95v+InH0zo8m/O1pSZzdwkixdPJAXBf94Q2hDPh2zYc7Cypy2DGzqUU/A5
zuqOV8XbMC1Ij+Vxb3QsZ4PjDCMxkxaK8A4/gTRqIF7GBqvrkfvthEJgDZsKGEY6
Opmdg071lu3zCLFnjTM/xkj5/kEFGNINSVKzKSW5e6787c9VscstxdvWqJJ/yNZS
Mp0rINCNwOgwm1wYgxd5dpnmxeOrYDBjXJTHX6Emsqkxywg/R/jUlld7Lo6VEgAd
2O9VIIpfmiLUjVFb5xxYTaB3myzfZh7mJpE+QSmzzOqub9bJ8lZgoqM4LZJjA2Vk
K5Pzut/LccG6+UGY8WNk+Dx84H3yByTcI/6fiOmliqyWETpX2pW6EXiG8tYJEpyD
pWajS2hhsdDCmF1ajvzXDsD5DsoH4DtVyI4KTYQUhmPEMEfxKPRB/wCpLm/1L56l
1owlX0Hy6h/HjpNgoD9CQ1X7ebxYb026kbhvdlcU8cOlp+PFkwt5bNqaGkp72vtE
L9U4nHduXP3HzIRUZEjbhjoyP3Q03ixmtuDk/4dXrcu8t3A49nM=
=3PZI
—–END PGP SIGNATURE—–
—