Bug Fix Advisory haproxy bug fix and enhancement update

Advisory: RHBA-2013:1619-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2013-11-20
Last updated on: 2013-11-20
Affected Products: Red Hat Enterprise Linux Load Balancer (v. 6)

Details

Updated haproxy packages that fix several bugs and add various enhancements are
now available for Red Hat Enterprise Linux 6.

The haproxy packages provide a reliable, high-performance network load balancer
for TCP and HTTP-based applications. It is particularly suited for web sites
crawling under very high loads while needing persistence or Layer7 processing.

The haproxy packages have been upgraded to upstream version 1.4.24, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#947987)

This update fixes the following bug:

* Previously, the setuid() and setgid() functions did not work properly. As a
consequence, the HAProxy load balancer failed to drop supplementary groups
correctly after attempting to drop root privileges. The behavior of the
functions has been modified, and HAProxy now drops all supplementary groups as
expected. (BZ#903303)

In addition, this update adds the following enhancement:

* With this update, support for TPROXY has been added to the haproxy packages.
TPROXY simplifies management tasks of clients behind proxy firewalls. Also,
transparent proxying makes the presence of the proxy invisible to the user.
(BZ#921064)

Users of haproxy are advised to upgrade to these updated packages, which fix
these bugs and add these enhancements.


Solution

Before applying this update, make sure all previously released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux Load Balancer (v. 6)

SRPMS:
haproxy-1.4.24-2.el6.src.rpm
File outdated by:  RHBA-2017:0721
    MD5: 9304e14d2d3f4bb5ef05accc6c0f55a8
SHA-256: 7ddbcd5a960af75c4592dbb745cad324f02243296587fe7ae7ca378f2444081f
 
IA-32:
haproxy-1.4.24-2.el6.i686.rpm
File outdated by:  RHBA-2017:0721
    MD5: d193077b19e09b2f6bea3c48e5ebf10f
SHA-256: e685b5ec6685c742ba9ad10d6145f7dc4efc35f72d7a522967528079d86fae24
haproxy-debuginfo-1.4.24-2.el6.i686.rpm
File outdated by:  RHBA-2017:0721
    MD5: 3c8c709804bb1eed541132623c7b6037
SHA-256: 58583ea641be688ae25ce971100eaa77f95023ab62e4c5d0c82ef068565b1c49
 
x86_64:
haproxy-1.4.24-2.el6.x86_64.rpm
File outdated by:  RHBA-2017:0721
    MD5: 9b14e218020b5a78614417851ecb6f9c
SHA-256: d00116f2aeaa761dd51ccc309a7f3689718bf285c8cbed9d2b4baa24d8e115f2
haproxy-debuginfo-1.4.24-2.el6.x86_64.rpm
File outdated by:  RHBA-2017:0721
    MD5: 924907e27a1b106676a485ab7369ec6d
SHA-256: f608cfa7fa3583606c7111c5beb9ce7750d4177a0e7f926fe1b22beceecc4807
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

903303 - haproxy: Fails to properly drop supplementary groups after setuid / setgid calls
921064 - RFE: TPROXY support for the new haproxy package
947987 - haproxy: Rebase to upstream version 1.4.24



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/