diff options
author | Mark Felder <feld@FreeBSD.org> | 2015-07-07 14:54:12 +0000 |
---|---|---|
committer | Mark Felder <feld@FreeBSD.org> | 2015-07-07 14:54:12 +0000 |
commit | 2bf9cf596319c11d75ef8f29978df555755e7382 (patch) | |
tree | 7cd095e002659438655a9e44df2af0afcfc0a236 | |
parent | - Rename sysutils/docker -> sysutils/docker-freebsd since it isn't (diff) |
Document haproxy information leak
Security: CVE-2015-3281
Notes
Notes:
svn path=/head/; revision=391507
-rw-r--r-- | security/vuxml/vuln.xml | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index c7a4fe87d801..f9d4e1f13c5a 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -57,6 +57,42 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="cbfa8bd7-24b6-11e5-86ff-14dae9d210b8"> + <topic>haproxy -- information leak vulnerability</topic> + <affects> + <package> + <name>haproxy</name> + <range><ge>1.5.0</ge><lt>1.5.14</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>HAProxy reports:</p> + <blockquote cite="http://www.haproxy.org/news.html"> + <p>A vulnerability was found when HTTP pipelining is used. In + some cases, a client might be able to cause a buffer alignment issue and + retrieve uninitialized memory contents that exhibit data from a past + request or session. I want to address sincere congratulations to Charlie + Smurthwaite of aTech Media for the really detailed traces he provided + which made it possible to find the cause of this bug. Every user of + 1.5-dev, 1.5.x or 1.6-dev must upgrade to 1.5.14 or latest 1.6-dev + snapshot to fix this issue, or use the backport of the fix provided by + their operating system vendors. CVE-2015-3281 was assigned to this bug.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.haproxy.org/news.html</url> + <url>http://git.haproxy.org/?p=haproxy-1.5.git;a=commit;h=7ec765568883b2d4e5a2796adbeb492a22ec9bd4</url> + <mlist>http://seclists.org/oss-sec/2015/q3/61</mlist> + <cvename>CVE-2015-3281</cvename> + </references> + <dates> + <discovery>2015-07-02</discovery> + <entry>2015-07-07</entry> + </dates> + </vuln> + <vuln vid="038a5808-24b3-11e5-b0c8-bf4d8935d4fa"> <topic>roundcube - multiple vulnerabilities</topic> <affects> |