Security update for haproxy SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:0044-1 Final 1 1 2019-03-23T10:45:51Z current 2019-03-23T10:45:51Z 2019-03-23T10:45:51Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for haproxy This update for haproxy to version 1.8.15 fixes the following issues: Security issues fixed: - CVE-2018-20102: Fixed an out-of-bounds read in dns_validate_dns_response(), which allowed for memory disclosure (bsc#1119368) - CVE-2018-20103: Fixed an infinite recursion via crafted packet allows stack exhaustion and denial of service (bsc#1119419) Other notable bug fixes: - Fix off-by-one write in dns_validate_dns_response() - Fix out-of-bounds read via signedness error in dns_validate_dns_response() - Prevent out-of-bounds read in dns_validate_dns_response() - Prevent out-of-bounds read in dns_read_name() - Prevent stack-exhaustion via recursion loop in dns_read_name For a full list of changes, please refer to: https://www.haproxy.org/download/1.8/src/CHANGELOG This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-44 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TZXJ2LKYAOHD67OUI6IBBWM5LXXB753E/#TZXJ2LKYAOHD67OUI6IBBWM5LXXB753E E-Mail link for openSUSE-SU-2019:0044-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1119368 SUSE Bug 1119368 https://bugzilla.suse.com/1119419 SUSE Bug 1119419 https://www.suse.com/security/cve/CVE-2018-20102/ SUSE CVE CVE-2018-20102 page https://www.suse.com/security/cve/CVE-2018-20103/ SUSE CVE CVE-2018-20103 page openSUSE Leap 15.0 haproxy-1.8.15~git0.6b6a350a-lp150.2.6.1 haproxy-1.8.15~git0.6b6a350a-lp150.2.6.1 as a component of openSUSE Leap 15.0 An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size. CVE-2018-20102 openSUSE Leap 15.0:haproxy-1.8.15~git0.6b6a350a-lp150.2.6.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TZXJ2LKYAOHD67OUI6IBBWM5LXXB753E/#TZXJ2LKYAOHD67OUI6IBBWM5LXXB753E https://www.suse.com/security/cve/CVE-2018-20102.html CVE-2018-20102 https://bugzilla.suse.com/1119368 SUSE Bug 1119368 An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion. CVE-2018-20103 openSUSE Leap 15.0:haproxy-1.8.15~git0.6b6a350a-lp150.2.6.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TZXJ2LKYAOHD67OUI6IBBWM5LXXB753E/#TZXJ2LKYAOHD67OUI6IBBWM5LXXB753E https://www.suse.com/security/cve/CVE-2018-20103.html CVE-2018-20103 https://bugzilla.suse.com/1119419 SUSE Bug 1119419