Red Hat Product Errata RHSA-2020:1725 - Security Advisory

Issued:: 2020-04-28
Updated:: 2020-04-28

RHSA-2020:1725 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: haproxy security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for haproxy is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications.

The following packages have been upgraded to a later upstream version: haproxy (1.8.23). (BZ#1774745)

Security Fix(es):

haproxy: HTTP request smuggling issue with transfer-encoding header containing an obfuscated "chunked" value (CVE-2019-18277)
haproxy: HTTP/2 implementation vulnerable to intermediary encapsulation attacks (CVE-2019-19330)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
Red Hat Enterprise Linux Server - AUS 8.4 x86_64
Red Hat Enterprise Linux Server - AUS 8.2 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
Red Hat Enterprise Linux Server - TUS 8.4 x86_64
Red Hat Enterprise Linux Server - TUS 8.2 x86_64
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64

Fixes

BZ - 1759697 - CVE-2019-18277 haproxy: HTTP request smuggling issue with transfer-encoding header containing an obfuscated "chunked" value
BZ - 1774745 - Rebase haproxy to latest upstream for RHEL 8.2
BZ - 1777584 - CVE-2019-19330 haproxy: HTTP/2 implementation vulnerable to intermediary encapsulation attacks
BZ - 1778844 - haproxy status failed after stopping the service

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
haproxy-1.8.23-3.el8.src.rpm	SHA-256: ef984b58881956c3bf4bfd711edada79bedd4a50a751946a82c6f1cebe189a85
x86_64
haproxy-1.8.23-3.el8.x86_64.rpm	SHA-256: c5f5ba82859c07cea110c65e2a0349110a18bf5ed0ed161d63cd8068d2237416
haproxy-debuginfo-1.8.23-3.el8.x86_64.rpm	SHA-256: 4bf8c11a286a80aeb9ac096c2170ec8fb5d330a980283a69481555ee3f71f450
haproxy-debugsource-1.8.23-3.el8.x86_64.rpm	SHA-256: 2d98450f4e2b785e11089289c64ac2361db314ac54dc2fc41d59a8f12d88b4ad

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM
haproxy-1.8.23-3.el8.src.rpm	SHA-256: ef984b58881956c3bf4bfd711edada79bedd4a50a751946a82c6f1cebe189a85
x86_64
haproxy-1.8.23-3.el8.x86_64.rpm	SHA-256: c5f5ba82859c07cea110c65e2a0349110a18bf5ed0ed161d63cd8068d2237416
haproxy-debuginfo-1.8.23-3.el8.x86_64.rpm	SHA-256: 4bf8c11a286a80aeb9ac096c2170ec8fb5d330a980283a69481555ee3f71f450
haproxy-debugsource-1.8.23-3.el8.x86_64.rpm	SHA-256: 2d98450f4e2b785e11089289c64ac2361db314ac54dc2fc41d59a8f12d88b4ad

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2

SRPM
haproxy-1.8.23-3.el8.src.rpm	SHA-256: ef984b58881956c3bf4bfd711edada79bedd4a50a751946a82c6f1cebe189a85
x86_64
haproxy-1.8.23-3.el8.x86_64.rpm	SHA-256: c5f5ba82859c07cea110c65e2a0349110a18bf5ed0ed161d63cd8068d2237416
haproxy-debuginfo-1.8.23-3.el8.x86_64.rpm	SHA-256: 4bf8c11a286a80aeb9ac096c2170ec8fb5d330a980283a69481555ee3f71f450
haproxy-debugsource-1.8.23-3.el8.x86_64.rpm	SHA-256: 2d98450f4e2b785e11089289c64ac2361db314ac54dc2fc41d59a8f12d88b4ad

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
haproxy-1.8.23-3.el8.src.rpm	SHA-256: ef984b58881956c3bf4bfd711edada79bedd4a50a751946a82c6f1cebe189a85
x86_64
haproxy-1.8.23-3.el8.x86_64.rpm	SHA-256: c5f5ba82859c07cea110c65e2a0349110a18bf5ed0ed161d63cd8068d2237416
haproxy-debuginfo-1.8.23-3.el8.x86_64.rpm	SHA-256: 4bf8c11a286a80aeb9ac096c2170ec8fb5d330a980283a69481555ee3f71f450
haproxy-debugsource-1.8.23-3.el8.x86_64.rpm	SHA-256: 2d98450f4e2b785e11089289c64ac2361db314ac54dc2fc41d59a8f12d88b4ad

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
haproxy-1.8.23-3.el8.src.rpm	SHA-256: ef984b58881956c3bf4bfd711edada79bedd4a50a751946a82c6f1cebe189a85
x86_64
haproxy-1.8.23-3.el8.x86_64.rpm	SHA-256: c5f5ba82859c07cea110c65e2a0349110a18bf5ed0ed161d63cd8068d2237416
haproxy-debuginfo-1.8.23-3.el8.x86_64.rpm	SHA-256: 4bf8c11a286a80aeb9ac096c2170ec8fb5d330a980283a69481555ee3f71f450
haproxy-debugsource-1.8.23-3.el8.x86_64.rpm	SHA-256: 2d98450f4e2b785e11089289c64ac2361db314ac54dc2fc41d59a8f12d88b4ad

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
haproxy-1.8.23-3.el8.src.rpm	SHA-256: ef984b58881956c3bf4bfd711edada79bedd4a50a751946a82c6f1cebe189a85
s390x
haproxy-1.8.23-3.el8.s390x.rpm	SHA-256: 6269da1a288aa48d24609b64e7b22bb59bdc46be6563653ee68d14958c5dd3f1
haproxy-debuginfo-1.8.23-3.el8.s390x.rpm	SHA-256: 52633473dcb4c1e2f268cf0327ef8c4e8079f7039da48b84798dd30402bd74f2
haproxy-debugsource-1.8.23-3.el8.s390x.rpm	SHA-256: d6aaac06d815005eedb064808f5931ae6efbb59573c8ab8f3b55f5af56b94e9b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4

SRPM
haproxy-1.8.23-3.el8.src.rpm	SHA-256: ef984b58881956c3bf4bfd711edada79bedd4a50a751946a82c6f1cebe189a85
s390x
haproxy-1.8.23-3.el8.s390x.rpm	SHA-256: 6269da1a288aa48d24609b64e7b22bb59bdc46be6563653ee68d14958c5dd3f1
haproxy-debuginfo-1.8.23-3.el8.s390x.rpm	SHA-256: 52633473dcb4c1e2f268cf0327ef8c4e8079f7039da48b84798dd30402bd74f2
haproxy-debugsource-1.8.23-3.el8.s390x.rpm	SHA-256: d6aaac06d815005eedb064808f5931ae6efbb59573c8ab8f3b55f5af56b94e9b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2

SRPM
haproxy-1.8.23-3.el8.src.rpm	SHA-256: ef984b58881956c3bf4bfd711edada79bedd4a50a751946a82c6f1cebe189a85
s390x
haproxy-1.8.23-3.el8.s390x.rpm	SHA-256: 6269da1a288aa48d24609b64e7b22bb59bdc46be6563653ee68d14958c5dd3f1
haproxy-debuginfo-1.8.23-3.el8.s390x.rpm	SHA-256: 52633473dcb4c1e2f268cf0327ef8c4e8079f7039da48b84798dd30402bd74f2
haproxy-debugsource-1.8.23-3.el8.s390x.rpm	SHA-256: d6aaac06d815005eedb064808f5931ae6efbb59573c8ab8f3b55f5af56b94e9b

Red Hat Enterprise Linux for Power, little endian 8

SRPM
haproxy-1.8.23-3.el8.src.rpm	SHA-256: ef984b58881956c3bf4bfd711edada79bedd4a50a751946a82c6f1cebe189a85
ppc64le
haproxy-1.8.23-3.el8.ppc64le.rpm	SHA-256: c1f931b143095e532051b60cc9c5cbc12d30c7468bb134e0199adaf0186447d8
haproxy-debuginfo-1.8.23-3.el8.ppc64le.rpm	SHA-256: 264a27815ed10f95f196d95efa0719190d2220d8fa8dedd16db9b176043c7d72
haproxy-debugsource-1.8.23-3.el8.ppc64le.rpm	SHA-256: d8ef3078f0428766ba605aaea351a8189d1cc4447485e26cdc0c000285f495bc

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM
haproxy-1.8.23-3.el8.src.rpm	SHA-256: ef984b58881956c3bf4bfd711edada79bedd4a50a751946a82c6f1cebe189a85
ppc64le
haproxy-1.8.23-3.el8.ppc64le.rpm	SHA-256: c1f931b143095e532051b60cc9c5cbc12d30c7468bb134e0199adaf0186447d8
haproxy-debuginfo-1.8.23-3.el8.ppc64le.rpm	SHA-256: 264a27815ed10f95f196d95efa0719190d2220d8fa8dedd16db9b176043c7d72
haproxy-debugsource-1.8.23-3.el8.ppc64le.rpm	SHA-256: d8ef3078f0428766ba605aaea351a8189d1cc4447485e26cdc0c000285f495bc

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2

SRPM
haproxy-1.8.23-3.el8.src.rpm	SHA-256: ef984b58881956c3bf4bfd711edada79bedd4a50a751946a82c6f1cebe189a85
ppc64le
haproxy-1.8.23-3.el8.ppc64le.rpm	SHA-256: c1f931b143095e532051b60cc9c5cbc12d30c7468bb134e0199adaf0186447d8
haproxy-debuginfo-1.8.23-3.el8.ppc64le.rpm	SHA-256: 264a27815ed10f95f196d95efa0719190d2220d8fa8dedd16db9b176043c7d72
haproxy-debugsource-1.8.23-3.el8.ppc64le.rpm	SHA-256: d8ef3078f0428766ba605aaea351a8189d1cc4447485e26cdc0c000285f495bc

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
haproxy-1.8.23-3.el8.src.rpm	SHA-256: ef984b58881956c3bf4bfd711edada79bedd4a50a751946a82c6f1cebe189a85
x86_64
haproxy-1.8.23-3.el8.x86_64.rpm	SHA-256: c5f5ba82859c07cea110c65e2a0349110a18bf5ed0ed161d63cd8068d2237416
haproxy-debuginfo-1.8.23-3.el8.x86_64.rpm	SHA-256: 4bf8c11a286a80aeb9ac096c2170ec8fb5d330a980283a69481555ee3f71f450
haproxy-debugsource-1.8.23-3.el8.x86_64.rpm	SHA-256: 2d98450f4e2b785e11089289c64ac2361db314ac54dc2fc41d59a8f12d88b4ad

Red Hat Enterprise Linux Server - TUS 8.2

SRPM
haproxy-1.8.23-3.el8.src.rpm	SHA-256: ef984b58881956c3bf4bfd711edada79bedd4a50a751946a82c6f1cebe189a85
x86_64
haproxy-1.8.23-3.el8.x86_64.rpm	SHA-256: c5f5ba82859c07cea110c65e2a0349110a18bf5ed0ed161d63cd8068d2237416
haproxy-debuginfo-1.8.23-3.el8.x86_64.rpm	SHA-256: 4bf8c11a286a80aeb9ac096c2170ec8fb5d330a980283a69481555ee3f71f450
haproxy-debugsource-1.8.23-3.el8.x86_64.rpm	SHA-256: 2d98450f4e2b785e11089289c64ac2361db314ac54dc2fc41d59a8f12d88b4ad

Red Hat Enterprise Linux for ARM 64 8

SRPM
haproxy-1.8.23-3.el8.src.rpm	SHA-256: ef984b58881956c3bf4bfd711edada79bedd4a50a751946a82c6f1cebe189a85
aarch64
haproxy-1.8.23-3.el8.aarch64.rpm	SHA-256: b157dde03fdb031e56e10ce6309e93fc211dd680875ee2612e18fed2ae42cc73
haproxy-debuginfo-1.8.23-3.el8.aarch64.rpm	SHA-256: 4b53769d10df691abf86862da6d799c7c07d8c78dc7734f2a707f9e227f2181e
haproxy-debugsource-1.8.23-3.el8.aarch64.rpm	SHA-256: f3d96ffffcef074c9a88e205fc4c141cd18d2315d1bc93e07726be980d6faa9e

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM
haproxy-1.8.23-3.el8.src.rpm	SHA-256: ef984b58881956c3bf4bfd711edada79bedd4a50a751946a82c6f1cebe189a85
aarch64
haproxy-1.8.23-3.el8.aarch64.rpm	SHA-256: b157dde03fdb031e56e10ce6309e93fc211dd680875ee2612e18fed2ae42cc73
haproxy-debuginfo-1.8.23-3.el8.aarch64.rpm	SHA-256: 4b53769d10df691abf86862da6d799c7c07d8c78dc7734f2a707f9e227f2181e
haproxy-debugsource-1.8.23-3.el8.aarch64.rpm	SHA-256: f3d96ffffcef074c9a88e205fc4c141cd18d2315d1bc93e07726be980d6faa9e

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2

SRPM
haproxy-1.8.23-3.el8.src.rpm	SHA-256: ef984b58881956c3bf4bfd711edada79bedd4a50a751946a82c6f1cebe189a85
aarch64
haproxy-1.8.23-3.el8.aarch64.rpm	SHA-256: b157dde03fdb031e56e10ce6309e93fc211dd680875ee2612e18fed2ae42cc73
haproxy-debuginfo-1.8.23-3.el8.aarch64.rpm	SHA-256: 4b53769d10df691abf86862da6d799c7c07d8c78dc7734f2a707f9e227f2181e
haproxy-debugsource-1.8.23-3.el8.aarch64.rpm	SHA-256: f3d96ffffcef074c9a88e205fc4c141cd18d2315d1bc93e07726be980d6faa9e

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4

SRPM
haproxy-1.8.23-3.el8.src.rpm	SHA-256: ef984b58881956c3bf4bfd711edada79bedd4a50a751946a82c6f1cebe189a85
ppc64le
haproxy-1.8.23-3.el8.ppc64le.rpm	SHA-256: c1f931b143095e532051b60cc9c5cbc12d30c7468bb134e0199adaf0186447d8
haproxy-debuginfo-1.8.23-3.el8.ppc64le.rpm	SHA-256: 264a27815ed10f95f196d95efa0719190d2220d8fa8dedd16db9b176043c7d72
haproxy-debugsource-1.8.23-3.el8.ppc64le.rpm	SHA-256: d8ef3078f0428766ba605aaea351a8189d1cc4447485e26cdc0c000285f495bc

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2

SRPM
haproxy-1.8.23-3.el8.src.rpm	SHA-256: ef984b58881956c3bf4bfd711edada79bedd4a50a751946a82c6f1cebe189a85
ppc64le
haproxy-1.8.23-3.el8.ppc64le.rpm	SHA-256: c1f931b143095e532051b60cc9c5cbc12d30c7468bb134e0199adaf0186447d8
haproxy-debuginfo-1.8.23-3.el8.ppc64le.rpm	SHA-256: 264a27815ed10f95f196d95efa0719190d2220d8fa8dedd16db9b176043c7d72
haproxy-debugsource-1.8.23-3.el8.ppc64le.rpm	SHA-256: d8ef3078f0428766ba605aaea351a8189d1cc4447485e26cdc0c000285f495bc

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4

SRPM
haproxy-1.8.23-3.el8.src.rpm	SHA-256: ef984b58881956c3bf4bfd711edada79bedd4a50a751946a82c6f1cebe189a85
x86_64
haproxy-1.8.23-3.el8.x86_64.rpm	SHA-256: c5f5ba82859c07cea110c65e2a0349110a18bf5ed0ed161d63cd8068d2237416
haproxy-debuginfo-1.8.23-3.el8.x86_64.rpm	SHA-256: 4bf8c11a286a80aeb9ac096c2170ec8fb5d330a980283a69481555ee3f71f450
haproxy-debugsource-1.8.23-3.el8.x86_64.rpm	SHA-256: 2d98450f4e2b785e11089289c64ac2361db314ac54dc2fc41d59a8f12d88b4ad

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2

SRPM
haproxy-1.8.23-3.el8.src.rpm	SHA-256: ef984b58881956c3bf4bfd711edada79bedd4a50a751946a82c6f1cebe189a85
x86_64
haproxy-1.8.23-3.el8.x86_64.rpm	SHA-256: c5f5ba82859c07cea110c65e2a0349110a18bf5ed0ed161d63cd8068d2237416
haproxy-debuginfo-1.8.23-3.el8.x86_64.rpm	SHA-256: 4bf8c11a286a80aeb9ac096c2170ec8fb5d330a980283a69481555ee3f71f450
haproxy-debugsource-1.8.23-3.el8.x86_64.rpm	SHA-256: 2d98450f4e2b785e11089289c64ac2361db314ac54dc2fc41d59a8f12d88b4ad

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.