Red Hat Customer Portal

Security Advisory Moderate: haproxy security update

Advisory: RHSA-2014:1292-1
Type: Security Advisory
Severity: Moderate
Issued on: 2014-09-24
Last updated on: 2014-09-24
Affected Products: Red Hat Enterprise Linux Server (v. 7), Red Hat Enterprise Linux Workstation (v. 7)
CVEs (cve.mitre.org): CVE-2014-6269

Details

An updated haproxy package that fixes one security issue is now available
for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

HAProxy provides high availability, load balancing, and proxying for TCP
and HTTP-based applications.

A buffer overflow flaw was discovered in the way HAProxy handled, under
very specific conditions, data uploaded from a client. A remote attacker
could possibly use this flaw to crash HAProxy. (CVE-2014-6269)

All haproxy users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Updated packages

Red Hat Enterprise Linux Server (v. 7)

SRPMS:
haproxy-1.5.2-3.el7_0.src.rpm
File outdated by:  RHBA-2016:2470
    MD5: da2a47fcd16fcd89d1b85443763fb0b5
SHA-256: 050c8f42f85d160cd0ba9dd4a0603974d45af29f479c9c763d4b825ae5b74c15
 
x86_64:
haproxy-1.5.2-3.el7_0.x86_64.rpm
File outdated by:  RHBA-2016:2470
    MD5: 61d0b1080fcbec2450c1761d431d7bee
SHA-256: 095ee505799c004ec21f1ff658b30e43f3e205c86af2922dbf7015c5d1d38cd6
haproxy-debuginfo-1.5.2-3.el7_0.x86_64.rpm
File outdated by:  RHBA-2016:2470
    MD5: fd2ce2446a9933ff6419b7f0cb527c90
SHA-256: 9a71fb109c38b6338d7e96e8beb88c02ed42fcd45cc14da4744f9e8b2308168c
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
haproxy-1.5.2-3.el7_0.src.rpm
File outdated by:  RHBA-2016:2470
    MD5: da2a47fcd16fcd89d1b85443763fb0b5
SHA-256: 050c8f42f85d160cd0ba9dd4a0603974d45af29f479c9c763d4b825ae5b74c15
 
x86_64:
haproxy-1.5.2-3.el7_0.x86_64.rpm
File outdated by:  RHBA-2016:2470
    MD5: 61d0b1080fcbec2450c1761d431d7bee
SHA-256: 095ee505799c004ec21f1ff658b30e43f3e205c86af2922dbf7015c5d1d38cd6
haproxy-debuginfo-1.5.2-3.el7_0.x86_64.rpm
File outdated by:  RHBA-2016:2470
    MD5: fd2ce2446a9933ff6419b7f0cb527c90
SHA-256: 9a71fb109c38b6338d7e96e8beb88c02ed42fcd45cc14da4744f9e8b2308168c
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1136552 - CVE-2014-6269 haproxy: remote client denial of service vulnerability


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/