SUSE-SU-2019:0061-1

Advisory lineage Upstream: 2 Downstream: 0
Published: 10 Jan 2019, 15:33
Last modified:04 Feb 2026, 04:10

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

10 Jan 2019, 15:33
Published
Vulnerability first disclosed
04 Feb 2026, 04:10
Last Modified
Vulnerability information updated

Description

Security update for haproxy This update for haproxy to version 1.8.15 fixes the following issues: Security issues fixed: - CVE-2018-20102: Fixed an out-of-bounds read in dns_validate_dns_response(), which allowed for memory disclosure (bsc#1119368) - CVE-2018-20103: Fixed an infinite recursion via crafted packet allows stack exhaustion and denial of service (bsc#1119419) Other notable bug fixes: - Fix off-by-one write in dns_validate_dns_response() - Fix out-of-bounds read via signedness error in dns_validate_dns_response() - Prevent out-of-bounds read in dns_validate_dns_response() - Prevent out-of-bounds read in dns_read_name() - Prevent stack-exhaustion via recursion loop in dns_read_name For a full list of changes, please refer to: https://www.haproxy.org/download/1.8/src/CHANGELOG

Affected Systems

  • susehaproxy&distro=SUSE Linux Enterprise High Availability Extension 15

    < 1.8.15~git0.6b6a350a-3.6.2

References (5)