Debian Security Advisory
DSA-2711-1 haproxy -- several vulnerabilities
- Date Reported:
- 19 Jun 2013
- Affected Packages:
- haproxy
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-2942, CVE-2013-1912, CVE-2013-2175.
- More information:
-
Multiple security issues have been found in HAProxy, a load-balancing reverse proxy:
- CVE-2012-2942
Buffer overflow in the header capture code.
- CVE-2013-1912
Buffer overflow in the HTTP keepalive code.
- CVE-2013-2175
Denial of service in parsing HTTP headers.
For the oldstable distribution (squeeze), these problems have been fixed in version 1.4.8-1+squeeze1.
The stable distribution (wheezy) doesn't contain haproxy.
For the unstable distribution (sid), these problems have been fixed in version 1.4.24-1.
We recommend that you upgrade your haproxy packages.
- CVE-2012-2942