FS#49638 - [haproxy] CVE-2016-5360 http: fix breakage of "reqdeny" causing random crashes

Attached to Project: Community Packages
Opened by zless (roentgen) - Thursday, 09 June 2016, 18:30 GMT
Last edited by Johannes Löthberg (demize) - Friday, 10 June 2016, 10:22 GMT
Task Type: Bug Report
Category: Security
Status: Closed
Assigned To: Johannes Löthberg (demize)
Architecture: All
Severity: Medium
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description:

This is a remote denial of service against haproxy.
The problem was apparently introduced in haproxy 1.6.0, and is fixed in git (which will become 1.6.6).

http://www.openwall.com/lists/oss-security/2016/06/09/5
http://git.haproxy.org/?p=haproxy-1.6.git;a=commit;h=60f01f8c89e4fb2723d5a9f2046286e699567e0b

It would be nice if the patch were applied to the Arch Linux package.

Closed by Johannes Löthberg (demize)
Friday, 10 June 2016, 10:22 GMT
Reason for closing: Fixed
Additional comments about closing: 1.6.5-4
