[SECURITY] [DLA 4135-1] haproxy security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4135-1] haproxy security update
From: Adrian Bunk <bunk@debian.org>
Date: Wed, 23 Apr 2025 23:28:13 +0300
Message-id: <aAlNXQy1/he2gREh@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4135-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
April 23, 2025                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : haproxy
Version        : 2.2.9-2+deb11u7
CVE ID         : CVE-2025-32464
Debian Bug     : 1102673

A heap buffer overflow in sample_conv_regsub() has been fixed in the 
load balancing reverse proxy HAProxy.

For Debian 11 bullseye, this problem has been fixed in version
2.2.9-2+deb11u7.

We recommend that you upgrade your haproxy packages.

For the detailed security status of haproxy please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/haproxy

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmgJTVkACgkQiNJCh6LY
mLEyWQ/8Danh1JEgXni8B7i6uFSwmemPNAV6jPQioWNwD7G7h3gEw03ay2le1pgZ
QMzIFI8Xkxhd7C0geAwWowrmtGEZKNCbXqevmPX1tMnl27m/XqGEnoFAwg2NbD4+
BFdh//bLJNfC0erJ7GUkgZxfs0+1D160HF2IMJvfM0oKLgJfCWClVu+em3jUB2Ut
m6GDTkRCSOwWlYYQJpQIn6CAU+bDApGA4g8oSIMLFEa0V7v7yhcq+yC8Zdq0ykes
/8ZrDV+/ZCu4M9THclCC5x7CIPtvpQofLgyXURAnkT/33B8wKceeAfpfyhta3acz
VNqguOAHOwU4bYdw4Q3BRYKGGPihguzWnv3fyAHgsEGFMbX6iT4js7JiQU25X2+3
FMOCQd/OdAxuPk6I1VrS6rx2Tb9R4aQXaZwP6O8yWQUsOKlc/utwOxhRYRO6PKL0
bBCaZ7EXoCF29taDY+USZxmmARjQlgnwWxy9Rw7DJpZ6x/XgrcQ0Mb24bYsjdIIj
/W5I3Yx5XDHTuDKNncWpqvtDIoBIlEY5cmmoI/v7HkTNAYxsCarDGapwDMSRR4JE
1MrbwQMdYqK+DI1u6GiljZtTXCs+ZPCoy1ttNiLZNeemMjFbfsEr+DpwCfRFdh0Q
azz5BJ6QhzH4G8osPAtLB9MTm23p99nIM10RkAMQcxX2hS4bLVQ=
=kaCU
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4134-1] fig2dev security update
Next by Date: [SECURITY] [DLA 4136-1] openrazer security update
Previous by thread: [SECURITY] [DLA 4134-1] fig2dev security update
Next by thread: [SECURITY] [DLA 4136-1] openrazer security update
Index(es):
- Date
- Thread