Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handled URI components containing the hash character (#). A remote attacker could possibly use this issue to obtain sensitive information, or to bypass certain path_end rules.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_name": "haproxy", "binary_version": "1.6.3-1ubuntu0.3+esm1" }, { "binary_name": "haproxy-dbg", "binary_version": "1.6.3-1ubuntu0.3+esm1" }, { "binary_name": "haproxy-dbgsym", "binary_version": "1.6.3-1ubuntu0.3+esm1" }, { "binary_name": "haproxy-doc", "binary_version": "1.6.3-1ubuntu0.3+esm1" }, { "binary_name": "vim-haproxy", "binary_version": "1.6.3-1ubuntu0.3+esm1" } ] }
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_name": "haproxy", "binary_version": "1.8.8-1ubuntu0.13+esm2" }, { "binary_name": "haproxy-dbgsym", "binary_version": "1.8.8-1ubuntu0.13+esm2" }, { "binary_name": "haproxy-doc", "binary_version": "1.8.8-1ubuntu0.13+esm2" }, { "binary_name": "vim-haproxy", "binary_version": "1.8.8-1ubuntu0.13+esm2" } ] }