Bug 31557 - haproxy new security issues CVE-2023-0056 and CVE-2023-25725
Summary: haproxy new security issues CVE-2023-0056 and CVE-2023-25725
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Bruno Cornec
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-02-15 17:41 CET by David Walser
Modified: 2023-04-17 14:54 CEST (History)
1 user (show)

See Also:
Source RPM: haproxy-2.6.7-1.mga9.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2023-02-15 17:41:30 CET 
Debian has issued an advisory on February 14:
https://www.debian.org/security/2023/dsa-5348

The issues are fixed upstream in 2.6.9.
Comment 1 David Walser 2023-02-15 17:45:43 CET 
Ubuntu has issued an advisory for the second issue on February 14:
https://ubuntu.com/security/notices/USN-5869-1
Comment 2 Bruno Cornec 2023-02-16 15:06:09 CET 
2.6.9 pushed to cauldron.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Bruno Cornec 2023-02-16 15:06:26 CET

CC: (none) => bruno

Comment 3 David Walser 2023-04-17 14:54:02 CEST 
This update also fixed CVE-2023-0836:
https://www.debian.org/security/2023/dsa-5388
Note You need to log in before you can comment on or make changes to this bug.