Synopsis: Moderate: haproxy security update
Advisory ID: SLSA-2013:0868-1
Issue Date: 2013-05-28
CVE Numbers: CVE-2013-1912
—
A buffer overflow flaw was found in the way HAProxy handled pipelined HTTP
requests. A remote attacker could send pipelined HTTP requests that would
cause HAProxy to crash or, potentially, execute arbitrary code with the
privileges of the user running HAProxy. This issue only affected systems
using all of the following combined configuration options: HTTP keep alive
enabled, HTTP keywords in TCP inspection rules, and request appending
rules. (CVE-2013-1912)
—
SL6
x86_64
haproxy-1.4.22-4.el6_4.x86_64.rpm
haproxy-debuginfo-1.4.22-4.el6_4.x86_64.rpm
i386
haproxy-1.4.22-4.el6_4.i686.rpm
haproxy-debuginfo-1.4.22-4.el6_4.i686.rpm
The following packages were added for dependency resolution
SL6
x86_64
setup-2.8.14-20.el6.noarch.rpm
i386
setup-2.8.14-20.el6.noarch.rpm
– Scientific Linux Development Team
