About haproxy and CVE-2019-14241

To: debian-user@lists.debian.org
Subject: About haproxy and CVE-2019-14241
From: Martin <keine-eile@online.de>
Date: Wed, 24 Jul 2019 10:05:49 +0200
Message-id: <[🔎] b72fb7a3-5f14-fa46-b264-de7efe634c20@online.de>

Hi list,

I've received an advisory issued by one of my client's CERT. It is about haproxy and CVE-2019-14241:

"HAProxy contains a flaw in the htx_manage_client_side_cookies() function in proto_htx.c that is triggered when handling certain threads. This may allow a remote attacker to cause a denial of service."

At MITRE, this CVE exists, but I did not get any about it from the DSA or oss-security list. Does one of you know about more this?

Martin

Reply to:

Follow-Ups:
- Re: About haproxy and CVE-2019-14241
  - From: Reco <recoverym4n@enotuniq.net>

Prev by Date: Re: Threading; was Re: HTTP shimmed to HTTPS
Next by Date: Re: About haproxy and CVE-2019-14241
Previous by thread: Re: Threading; was Re: HTTP shimmed to HTTPS
Next by thread: Re: About haproxy and CVE-2019-14241
Index(es):
- Date
- Thread