HAProxy: Multiple vulnerabilities — GLSA 201307-01

Multiple vulnerabilities have been found in HAProxy, allowing attackers to execute arbitrary code or cause Denial of Service.

Affected Packages

net-proxy/haproxy on all architectures
Affected versions < 1.4.24
Unaffected versions >= 1.4.24

Background

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications.

Description

Multiple vulnerabilities have been discovered in HAProxy. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All HAProxy users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-proxy/haproxy-1.4.24"
 

References

Release Date
July 11, 2013

Latest Revision
July 11, 2013: 1

Severity
high

Exploitable
remote

Bugzilla entries