OPENSUSE-SU-2019:2645-1

Advisory lineage: Upstream: 1, Downstream: 0
Published: 04 Dec 2019, 19:14
Last modified: 07 May 2025, 18:10

Vulnerability Summary

Overall Risk (default): minimal (0/100)
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

04 Dec 2019, 19:14: Published (vulnerability first disclosed)
07 May 2025, 18:10: Last Modified (vulnerability information updated)

Description

Security update for haproxy

This update for haproxy to version 2.0.10 fixes the following issues:

HAProxy was updated to 2.0.10.

Security issues fixed:

  • CVE-2019-18277: Fixed a potential HTTP smuggling issue in messages with a transfer-encoding header missing the 'chunked' value (bsc#1154980).
  • Fixed improper handling of headers which could have led to injecting LFs in H2-to-H1 transfers, creating new attack space (bsc#1157712).
  • Fixed an issue where HEADERS frames in idle streams were not rejected, so that HAProxy crashed when trying to decode them (bsc#1157714).

Other issue addressed:

  • Macro change in the spec file (bsc#1082318).

More information regarding the release at: http://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=ac198b92d461515551b95daae20954b3053ce87e

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Affected Systems

  • opensuse/haproxy (distro: openSUSE Leap 15.1): < 2.0.10+git0.ac198b92-lp151.2.6.1
