-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-5388-1
security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso
April 13, 2023
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : haproxy
CVE ID : CVE-2023-0836
It was reported that HAProxy, a fast and reliable load balancing reverse
proxy, does not properly initialize connection buffers when encoding the FCGI_BEGIN_REQUEST record. A remote attacker can take advantage of this
flaw to cause an information leak.
For the stable distribution (bullseye), this problem has been fixed in
version 2.2.9-2+deb11u5.
We recommend that you upgrade your haproxy packages.
For the detailed security status of haproxy please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/haproxy
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmQ4YxlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RA+g/8C9B17OgAEYmOivNLX/0SmHC0WQft66LH5a3lrr+xgncSO6h7REzVlgMX IffI+RnTxTuHH0sMb8S1rYsAfaHeAHGzXOEKiooPVwMix3TMTR6mocv5D1V4smTi I8JWZSDIzPLKn1EYKQDXxg8wz6nEVsc5njF8SAcWZ1fDDLgbbVtUEY9SL2dkGLF+ QlsGWnsseN6AzNfVm7vYIdTzSFbc1Hd3mnlL+uIolhKkGLtQ+iMTLxWjxu1n4MqI Yh3VR/f2BUVez9JP3GZ/BOEZU/M3b91QYjmY2OghAlNBBXlL/jMmbZAAAfFukIK1 JIb23iLac/bjv6e8yixwLX0q+t0j4ZTpxmln+iiIPLSZ/1IBYXOvf6nrP/cIueGq wlMFdD6qRm7s8cIsx4Gw8bb+ge9zUCOdkX0uPzLDRWul3e+69fdmWazcmDXIFOrg Bcp5cp4i33r0+T338rimyN4Q6CyqYQ756gf5mK8kq/vVLI4qyLYmVjZj2eAUI6EP WptxP0UKUarFtpYsc2XRRFb66bxaRTf1yuPvR3aRJKnBW4+KnuiTho1J5wa/HaK5 51NWwbgmICsbGsfI5/S0cHpYcvdSRG5SAZavFGUT/dIlsOD4OdjevHGnN021AYP1 +EqLuX8Zsq5DQKh3s/yUsl6svTTBOiXZxVer9DLYD+D4yuqkqIc=
=6SUU
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)