USN-6294-1: HAProxy vulnerability
16 August 2023
HAProxy could allow unintended access to network services.
Releases
Packages
- haproxy - fast and reliable load balancing reverse proxy
Details
Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length
headers. A remote attacker could possibly use this issue to manipulate the
payload and bypass certain restrictions.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.04
Ubuntu 22.04
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-6294-2: haproxy, vim-haproxy, haproxy-doc