RHSA-2020:1936

Description

Red Hat Security Advisory: OpenShift Container Platform 4.4.3 haproxy security update

CVSS Metrics

• v3.1•HIGH•Score: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• redhat•haproxy

  < 0:2.0.13-3.el7 | < 0:2.0.13-3.el8

• redhat•haproxy-debuginfo

  < 0:2.0.13-3.el7

• redhat•haproxy-debugsource

  < 0:2.0.13-3.el8

• redhat•haproxy20

  < 0:2.0.13-3.el7 | < 0:2.0.13-3.el8

• redhat•haproxy20-debuginfo

  < 0:2.0.13-3.el8

References (19)

• https://access.redhat.com/errata/RHSA-2020:1936
• https://access.redhat.com/security/updates/classification/#moderate
• https://bugzilla.redhat.com/show_bug.cgi?id=1759697
• https://bugzilla.redhat.com/show_bug.cgi?id=1777584
• https://bugzilla.redhat.com/show_bug.cgi?id=1819111
• https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1936.json
• https://access.redhat.com/security/cve/CVE-2019-18277
• https://www.cve.org/CVERecord?id=CVE-2019-18277
• https://nvd.nist.gov/vuln/detail/CVE-2019-18277
• https://access.redhat.com/security/cve/CVE-2019-19330
• https://www.cve.org/CVERecord?id=CVE-2019-19330
• https://nvd.nist.gov/vuln/detail/CVE-2019-19330
• https://access.redhat.com/security/cve/CVE-2020-11100
• https://access.redhat.com/security/vulnerabilities/haproxy
• https://www.cve.org/CVERecord?id=CVE-2020-11100
• https://nvd.nist.gov/vuln/detail/CVE-2020-11100
• https://bugs.chromium.org/p/project-zero/issues/detail?id=2023
• https://www.haproxy.com/blog/haproxy-1-8-http-2-hpack-decoder-vulnerability-fixed/
• https://www.mail-archive.com/haproxy@formilux.org/msg36876.html