openSUSE-SU-2019:0044-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:0044-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/openSUSE-SU-2019:0044-1
- Related
- Published
- 2019-03-23T10:45:51Z
- Modified
- 2019-03-23T10:45:51Z
- Summary
- Security update for haproxy
- Details
-
This update for haproxy to version 1.8.15 fixes the following issues:
Security issues fixed:
- CVE-2018-20102: Fixed an out-of-bounds read in dnsvalidatedns_response(), which allowed for memory disclosure (bsc#1119368)
- CVE-2018-20103: Fixed an infinite recursion via crafted packet allows stack exhaustion and denial of service (bsc#1119419)
Other notable bug fixes:
- Fix off-by-one write in dnsvalidatedns_response()
- Fix out-of-bounds read via signedness error in dnsvalidatedns_response()
- Prevent out-of-bounds read in dnsvalidatedns_response()
- Prevent out-of-bounds read in dnsreadname()
- Prevent stack-exhaustion via recursion loop in dnsreadname
For a full list of changes, please refer to: https://www.haproxy.org/download/1.8/src/CHANGELOG
This update was imported from the SUSE:SLE-15:Update update project.
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TZXJ2LKYAOHD67OUI6IBBWM5LXXB753E/#TZXJ2LKYAOHD67OUI6IBBWM5LXXB753E
- https://bugzilla.suse.com/1119368
- https://bugzilla.suse.com/1119419
- https://www.suse.com/security/cve/CVE-2018-20102
- https://www.suse.com/security/cve/CVE-2018-20103