29381 – haproxy new security issues CVE-2021-3924[0-2]

Bug 29381 - haproxy new security issues CVE-2021-3924[0-2]

Summary: haproxy new security issues CVE-2021-3924[0-2]

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Bruno Cornec
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2021-08-18 16:19 CEST by David Walser
Modified:	2021-08-21 20:53 CEST (History)
CC List:	1 user (show)

See Also:
Source RPM:	haproxy-2.4.2-5.mga9.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-08-18 16:19:38 CEST

Debian and Ubuntu have issued advisories on August 17:
https://www.debian.org/security/2021/dsa-4960
https://ubuntu.com/security/notices/USN-5042-1

The issues are fixed upstream in 2.4.3:
https://www.haproxy.com/blog/august-2021-haproxy-2-0-http-2-vulnerabilities-fixed/
https://www.mail-archive.com/haproxy@formilux.org/msg41041.html

David Walser 2021-08-18 16:19:46 CEST

Status comment: (none) => Fixed upstream in 2.4.3

Comment 1 David Walser 2021-08-21 20:53:09 CEST

haproxy-2.4.3-1.mga9 uploaded for Cauldron by Jani.

Resolution: (none) => FIXED
CC: (none) => jani.valimaa
Status: NEW => RESOLVED
Status comment: Fixed upstream in 2.4.3 => (none)

Note You need to log in before you can comment on or make changes to this bug.