OPENSUSE-SU-2019:2626-1

Advisory lineage Upstream: 1 Downstream: 0
Upstream
CVE-2019-18277
Published: 03 Dec 2019, 14:49
Last modified:04 Feb 2026, 02:43

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

03 Dec 2019, 14:49
Published
Vulnerability first disclosed
04 Feb 2026, 02:43
Last Modified
Vulnerability information updated

Description

Security update for haproxy This update for haproxy to version 2.0.10 fixes the following issues: HAProxy was updated to 2.0.10 Security issues fixed: - CVE-2019-18277: Fixed a potential HTTP smuggling in messages with transfer-encoding header missing the 'chunked' (bsc#1154980). - Fixed an improper handling of headers which could have led to injecting LFs in H2-to-H1 transfers creating new attack space (bsc#1157712) - Fixed an issue where HEADER frames in idle streams are not rejected and thus trying to decode them HAPrpxy crashes (bsc#1157714). Other issue addressed: - Macro change in the spec file (bsc#1082318) More information regarding the release at: http://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=ac198b92d461515551b95daae20954b3053ce87e This update was imported from the SUSE:SLE-15:Update update project.

Affected Systems

  • opensusehaproxy&distro=openSUSE Leap 15.0

    < 2.0.10+git0.ac198b92-lp150.2.16.1

References (6)