First published: Tue Apr 07 2020(Updated: )
Felix Wilhelm discovered that HAProxy incorrectly handled certain HTTP/2 requests. An attacker could possibly use this to execute arbitrary code.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/haproxy | <2.0.5-1ubuntu0.4 | 2.0.5-1ubuntu0.4 |
Ubuntu Ubuntu | =19.10 | |
All of | ||
ubuntu/haproxy | <1.8.8-1ubuntu0.10 | 1.8.8-1ubuntu0.10 |
Ubuntu Ubuntu | =18.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this HAProxy vulnerability is USN-4321-1.
The severity of the HAProxy vulnerability is not specified in the provided information. Please refer to the references for more details.
An attacker can exploit the HAProxy vulnerability by sending certain malicious HTTP/2 requests.
To fix this HAProxy vulnerability in Ubuntu 19.10, update the HAProxy package to version 2.0.5-1ubuntu0.4 or later.
To fix this HAProxy vulnerability in Ubuntu 18.04, update the HAProxy package to version 1.8.8-1ubuntu0.10 or later.