drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in HAProxy
Name: |
Ausführen beliebiger Kommandos in HAProxy |
|
ID: |
USN-4321-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 18.04 LTS, Ubuntu 19.10 |
|
Datum: |
Di, 7. April 2020, 16:52 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11100 |
|
Applikationen: |
HAproxy |
|
Originalnachricht |
--===============5474757010222597729== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="C7zPtVaVf+AK4Oqc" Content-Disposition: inline
--C7zPtVaVf+AK4Oqc Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-4321-1 April 07, 2020
haproxy vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10 - Ubuntu 18.04 LTS
Summary:
HAProxy could be made to execute arbitrary code if it received a specially crafted HTTP/2 request.
Software Description: - haproxy: fast and reliable load balancing reverse proxy
Details:
Felix Wilhelm discovered that HAProxy incorrectly handled certain HTTP/2 requests. An attacker could possibly use this to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.10: haproxy 2.0.5-1ubuntu0.4
Ubuntu 18.04 LTS: haproxy 1.8.8-1ubuntu0.10
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/4321-1 CVE-2020-11100
Package Information: https://launchpad.net/ubuntu/+source/haproxy/2.0.5-1ubuntu0.4 https://launchpad.net/ubuntu/+source/haproxy/1.8.8-1ubuntu0.10
--C7zPtVaVf+AK4Oqc Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl6MetUACgkQRbznW4QL H2kpkQ//RW+BWsW5JrqSvms0q4IBQsX8gAeoN5O1t2RED9oLw46kqzpIhNrQaWQE pNJkuMvDRFCRn+gObd2sZhwQE7MTvfE1Fv3xfA2FIKfGzkSsGve9sAIaHjkm2Xas zBGMxQ95v+InH0zo8m/O1pSZzdwkixdPJAXBf94Q2hDPh2zYc7Cypy2DGzqUU/A5 zuqOV8XbMC1Ij+Vxb3QsZ4PjDCMxkxaK8A4/gTRqIF7GBqvrkfvthEJgDZsKGEY6 Opmdg071lu3zCLFnjTM/xkj5/kEFGNINSVKzKSW5e6787c9VscstxdvWqJJ/yNZS Mp0rINCNwOgwm1wYgxd5dpnmxeOrYDBjXJTHX6Emsqkxywg/R/jUlld7Lo6VEgAd 2O9VIIpfmiLUjVFb5xxYTaB3myzfZh7mJpE+QSmzzOqub9bJ8lZgoqM4LZJjA2Vk K5Pzut/LccG6+UGY8WNk+Dx84H3yByTcI/6fiOmliqyWETpX2pW6EXiG8tYJEpyD pWajS2hhsdDCmF1ajvzXDsD5DsoH4DtVyI4KTYQUhmPEMEfxKPRB/wCpLm/1L56l 1owlX0Hy6h/HjpNgoD9CQ1X7ebxYb026kbhvdlcU8cOlp+PFkwt5bNqaGkp72vtE L9U4nHduXP3HzIRUZEjbhjoyP3Q03ixmtuDk/4dXrcu8t3A49nM= =3PZI -----END PGP SIGNATURE-----
--C7zPtVaVf+AK4Oqc--
--===============5474757010222597729== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|