Issued:: 2020-04-02
Updated:: 2020-04-02

RHSA-2020:1289 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: haproxy security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for haproxy is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications.

Security Fix(es):

haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes (CVE-2020-11100)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.0 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.0 x86_64

Fixes

BZ - 1819111 - CVE-2020-11100 haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes

CVEs

CVE-2020-11100

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.0

SRPM
haproxy-1.8.15-5.el8_0.1.src.rpm	SHA-256: 95d0292952a8de2fcb778821a5c4cf04106f1f0fe5ce50a2b3f37926b5d4447f
ppc64le
haproxy-1.8.15-5.el8_0.1.ppc64le.rpm	SHA-256: 4b15a8c38e2fd1960326c9bc766494cd1eeb0a3539c630ba982eb39a24b43a97
haproxy-debuginfo-1.8.15-5.el8_0.1.ppc64le.rpm	SHA-256: 08ab84835a947af492dc650b76da4c6eb22b7e044cdabaa7b0635139b38a9530
haproxy-debugsource-1.8.15-5.el8_0.1.ppc64le.rpm	SHA-256: f921e73a4f3b9a75d6e4f23ba03019d0c021752b59b99aafb3664fe5b51e4184

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.0

SRPM
haproxy-1.8.15-5.el8_0.1.src.rpm	SHA-256: 95d0292952a8de2fcb778821a5c4cf04106f1f0fe5ce50a2b3f37926b5d4447f
x86_64
haproxy-1.8.15-5.el8_0.1.x86_64.rpm	SHA-256: 3a9a4f755957aff284ec3f8e2e661a4d3b077d46c45028d079847aa707ebfbda
haproxy-debuginfo-1.8.15-5.el8_0.1.x86_64.rpm	SHA-256: 11fa9e100b55822241de37ab4926de6d9d178e39c611616fe721b9cd16fdea19
haproxy-debugsource-1.8.15-5.el8_0.1.x86_64.rpm	SHA-256: f76029442e2fd08dd5e1ded13cd017be55f6902bca6302b285637e9b84085aaa

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation