-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4968-1
security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 07, 2021
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : haproxy
CVE ID : CVE-2021-40346
Ori Hollander reported that missing header name length checks in the htx_add_header() and htx_add_trailer() functions in HAProxy, a fast and reliable load balancing reverse proxy, could result in request smuggling attacks or response splitting attacks.
Additionally this update addresses #993303 introduced in DSA 4960-1
causing HAProxy to fail serving URLs with HTTP/2 containing '//'.
For the stable distribution (bullseye), this problem has been fixed in
version 2.2.9-2+deb11u2.
We recommend that you upgrade your haproxy packages.
For the detailed security status of haproxy please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/haproxy
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmE30edfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QPzQ//Xl1VpOHuAwqodHnEx3DSP172eZ6lD3Mdrs+GXscbkCXTMHduSXGnSGA3 N1IrN8Wt1bfvxybqdR3CLTehTzmgBJLGEz8Ub5gu0IJ2o1edyiqpZBDhZvDSCPFC iFHWucZ2asOb9c/rCapTi7AD+S7NpC5AnIGfNhUHYWnFwR7Id8gHvd9JaHUGrInh P4T5lzY70fvNFPrSye7CQFPcSScHOe29i7igKXZmV+FxvnYEYJyavf6ijwGTJF87 e1lJAm8er9bQZp3GLzkbI3bRUDmO+IgGX+H3Qz/PxbU23PhyDN91QVWCY/CX11nN yH4evBchPM1ap2o8hPZYpUYUznYekOA1CfYxTcuP5oc9QFMEzHMNUVhSihsjGA4Y fCxFmdhcQzTLI7GcZTkSB2k0CikF4ncH7aqtM7oK2z/CM/uJeVO1WzRtvyJKuD72 Lv6PwQ/AbMa/dKYzROyQE0vDzRd23UzlQzg1npbpHlfPYXOgyfIRLCIfBPatyGrR snpdsNnGejesNmsbxCBwQGz2jsrgSqMe1qkho9ebK3aeaSA1lRe+WXV87NYH2wZi JOQH9JjqXCwkH/JDoOBWasOAhyKPs4jv1JT2L2iXCNVbFcgklnc+iaUgafYV9tob QMoc5oZREvgkpu+TOOTOBmrOw4sDfEOgcNf3G1sBBFKS4ds5wv0=
=8IRe
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)