USN-6530-2: HAProxy vulnerability
23 July 2024
HAProxy could be made to expose sensitive information.
Releases
Packages
- haproxy - fast and reliable load balancing reverse proxy
Details
Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handled
URI components containing the hash character (#). A remote attacker could
possibly use this issue to obtain sensitive information, or to bypass
certain path_end rules.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
-
haproxy
-
1.8.8-1ubuntu0.13+esm2
Available with Ubuntu Pro
Ubuntu 16.04
-
haproxy
-
1.6.3-1ubuntu0.3+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-6530-1: haproxy, haproxy-doc, vim-haproxy