- Issued:
- 2013-11-20
- Updated:
- 2013-11-20
RHBA-2013:1619 - Bug Fix Advisory
Synopsis
haproxy bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Topic
Updated haproxy packages that fix several bugs and add various enhancements are
now available for Red Hat Enterprise Linux 6.
Description
The haproxy packages provide a reliable, high-performance network load balancer
for TCP and HTTP-based applications. It is particularly suited for web sites
crawling under very high loads while needing persistence or Layer7 processing.
The haproxy packages have been upgraded to upstream version 1.4.24, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#947987)
This update fixes the following bug:
- Previously, the setuid() and setgid() functions did not work properly. As a
consequence, the HAProxy load balancer failed to drop supplementary groups
correctly after attempting to drop root privileges. The behavior of the
functions has been modified, and HAProxy now drops all supplementary groups as
expected. (BZ#903303)
In addition, this update adds the following enhancement:
- With this update, support for TPROXY has been added to the haproxy packages.
TPROXY simplifies management tasks of clients behind proxy firewalls. Also,
transparent proxying makes the presence of the proxy invisible to the user.
(BZ#921064)
Users of haproxy are advised to upgrade to these updated packages, which fix
these bugs and add these enhancements.
Solution
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
Affected Products
- Red Hat Enterprise Linux Load Balancer (for RHEL Server) 6 x86_64
- Red Hat Enterprise Linux Load Balancer (for RHEL Server) 6 i386
- Red Hat Enterprise Linux Load Balancer (for RHEL Server) from RHUI 6 x86_64
- Red Hat Enterprise Linux Load Balancer (for RHEL Server) from RHUI 6 i386
Fixes
- BZ - 903303 - haproxy: Fails to properly drop supplementary groups after setuid / setgid calls
- BZ - 921064 - RFE: TPROXY support for the new haproxy package
- BZ - 947987 - haproxy: Rebase to upstream version 1.4.24
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Load Balancer (for RHEL Server) 6
| SRPM | |
|---|---|
| haproxy-1.4.24-2.el6.src.rpm | SHA-256: 7ddbcd5a960af75c4592dbb745cad324f02243296587fe7ae7ca378f2444081f |
| x86_64 | |
| haproxy-1.4.24-2.el6.x86_64.rpm | SHA-256: d00116f2aeaa761dd51ccc309a7f3689718bf285c8cbed9d2b4baa24d8e115f2 |
| haproxy-debuginfo-1.4.24-2.el6.x86_64.rpm | SHA-256: f608cfa7fa3583606c7111c5beb9ce7750d4177a0e7f926fe1b22beceecc4807 |
| i386 | |
| haproxy-1.4.24-2.el6.i686.rpm | SHA-256: e685b5ec6685c742ba9ad10d6145f7dc4efc35f72d7a522967528079d86fae24 |
| haproxy-debuginfo-1.4.24-2.el6.i686.rpm | SHA-256: 58583ea641be688ae25ce971100eaa77f95023ab62e4c5d0c82ef068565b1c49 |
Red Hat Enterprise Linux Load Balancer (for RHEL Server) from RHUI 6
| SRPM | |
|---|---|
| haproxy-1.4.24-2.el6.src.rpm | SHA-256: 7ddbcd5a960af75c4592dbb745cad324f02243296587fe7ae7ca378f2444081f |
| x86_64 | |
| haproxy-1.4.24-2.el6.x86_64.rpm | SHA-256: d00116f2aeaa761dd51ccc309a7f3689718bf285c8cbed9d2b4baa24d8e115f2 |
| haproxy-debuginfo-1.4.24-2.el6.x86_64.rpm | SHA-256: f608cfa7fa3583606c7111c5beb9ce7750d4177a0e7f926fe1b22beceecc4807 |
| i386 | |
| haproxy-1.4.24-2.el6.i686.rpm | SHA-256: e685b5ec6685c742ba9ad10d6145f7dc4efc35f72d7a522967528079d86fae24 |
| haproxy-debuginfo-1.4.24-2.el6.i686.rpm | SHA-256: 58583ea641be688ae25ce971100eaa77f95023ab62e4c5d0c82ef068565b1c49 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.