
Security: Arbitrary command execution in HAProxy
Name: Arbitrary command execution in HAProxy
ID: USN-4321-1
Distribution: Ubuntu
Platforms: Ubuntu 18.04 LTS, Ubuntu 19.10
Date: Tue, April 7, 2020, 16:52
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11100
Applications: HAProxy

Original message


==========================================================================
Ubuntu Security Notice USN-4321-1
April 07, 2020

haproxy vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.10
- Ubuntu 18.04 LTS

Summary:

HAProxy could be made to execute arbitrary code if it received a specially
crafted HTTP/2 request.

Software Description:
- haproxy: fast and reliable load balancing reverse proxy

Details:

Felix Wilhelm discovered that HAProxy incorrectly handled certain HTTP/2
requests.
An attacker could possibly use this to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
haproxy 2.0.5-1ubuntu0.4

Ubuntu 18.04 LTS:
haproxy 1.8.8-1ubuntu0.10

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4321-1
CVE-2020-11100

Package Information:
https://launchpad.net/ubuntu/+source/haproxy/2.0.5-1ubuntu0.4
https://launchpad.net/ubuntu/+source/haproxy/1.8.8-1ubuntu0.10
