openSUSE Security Update : haproxy (openSUSE-2019-824)

medium Nessus Plugin ID 123348

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for haproxy to version 1.8.14 fixes the following issues :

These security issues were fixed :

- CVE-2018-14645: A flaw was discovered in the HPACK decoder what caused an out-of-bounds read in hpack_valid_idx() that resulted in a remote crash and denial of service (bsc#1108683)

- CVE-2018-11469: Incorrect caching of responses to requests including an Authorization header allowed attackers to achieve information disclosure via an unauthenticated remote request (bsc#1094846).

These non-security issues were fixed :

- Require apparmor-abstractions to reduce dependencies (bsc#1100787)

- hpack: fix improper sign check on the header index value

- cli: make sure the 'getsock' command is only called on connections

- tools: fix set_net_port() / set_host_port() on IPv4

- patterns: fix possible double free when reloading a pattern list

- server: Crash when setting FQDN via CLI.

- kqueue: Don't reset the changes number by accident.

- snapshot: take the proxy's lock while dumping errors

- http/threads: atomically increment the error snapshot ID

- dns: check and link servers' resolvers right after config parsing

- h2: fix risk of memory leak on malformated wrapped frames

- session: fix reporting of handshake processing time in the logs

- stream: use atomic increments for the request counter

- thread: implement HA_ATOMIC_XADD()

- ECC cert should work with TLS < v1.2 and openssl >= 1.1.1

- dns/server: fix incomatibility between SRV resolution and server state file

- hlua: Don't call RESET_SAFE_LJMP if SET_SAFE_LJMP returns 0.

- thread: lua: Wrong SSL context initialization.

- hlua: Make sure we drain the output buffer when done.

- lua: reset lua transaction between http requests

- mux_pt: dereference the connection with care in mux_pt_wake()

- lua: Bad HTTP client request duration.

- unix: provide a ->drain() function

- Fix spelling error in configuration doc

- cli/threads: protect some server commands against concurrent operations

- cli/threads: protect all 'proxy' commands against concurrent updates

- lua: socket timeouts are not applied

- ssl: Use consistent naming for TLS protocols

- dns: explain set server ... fqdn requires resolver

- map: fix map_regm with backref

- ssl: loading dh param from certifile causes unpredictable error.

- ssl: fix missing error loading a keytype cert from a bundle.

- ssl: empty connections reported as errors.

- cli: make 'show fd' thread-safe

- hathreads: implement a more flexible rendez-vous point

- threads: fix the no-thread case after the change to the sync point

- threads: add more consistency between certain variables in no-thread case

- threads: fix the double CAS implementation for ARMv7

- threads: Introduce double-width CAS on x86_64 and arm.

- lua: possible CLOSE-WAIT state with '\n' headers

For additional changes please refer to the changelog.

This update was imported from the SUSE:SLE-15:Update update project.

Solution

Update the affected haproxy packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1094846

https://bugzilla.opensuse.org/show_bug.cgi?id=1100787

https://bugzilla.opensuse.org/show_bug.cgi?id=1108683

Plugin Details

Severity: Medium

ID: 123348

File Name: openSUSE-2019-824.nasl

Version: 1.4

Type: local

Agent: unix

Published: 3/27/2019

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2018-11469

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:haproxy-debugsource, p-cpe:/a:novell:opensuse:haproxy, p-cpe:/a:novell:opensuse:haproxy-debuginfo, cpe:/o:novell:opensuse:15.0

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 3/23/2019

Vulnerability Publication Date: 5/25/2018

Reference Information

CVE: CVE-2018-11469, CVE-2018-14645