[Buildroot] [PATCH] package/haproxy: security bump to version 2.4.4
Peter Korsgaard
peter at korsgaard.com
Sun Sep 12 19:08:17 UTC 2021
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
> - CVE-2021-40346: An integer overflow exists in HAProxy 2.0 through 2.5 in
> the htx_add_header() can be exploited to perform an HTTP request smuggling
> attack, allowing an attacker to bypass all configured http-request HAProxy
> ACLs and possibly other ACLs.
> For more details, see the advisory:
> https://www.mail-archive.com/haproxy@formilux.org/msg41114.html
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2021.08.x, thanks. For 2021.02.x and 2021.05.x I have
bumped to 2.2.17 instead which contains the same fix.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list