-------------------------------------------------------------------------
Debian LTS Advisory DLA-3688-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
December 14, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : haproxy
Version        : 1.8.19-1+deb10u5
CVE ID         : CVE-2023-45539

It was discovered that there was a potential information disclosure
vulnerability in HAProxy, a reverse proxy server used to load balance
HTTP requests across multiple servers.

HAProxy formerly accepted the "#" (i.e. the "pound" or "hash") symbol as
part of a URI component. This might have allowed remote attackers to
obtain sensitive information upon HAProxy's misinterpretation of a
"path_end" rule, such as by routing "index.html#.png" to a static
server.

For Debian 10 buster, this problem has been fixed in version
1.8.19-1+deb10u5.

We recommend that you upgrade your haproxy packages.

For the detailed security status of haproxy please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/haproxy

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
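
Added example, not part of the Debian advisory or of HAProxy's code: a Python script that scans HTTP log lines for request targets containing "#" and flags those where a suffix rule like the "path_end" case described above decides differently with and without the "#" part. The log layout, backend names, suffix list and function names are constructed assumptions.

```python
import re

# Suffixes a hypothetical path_end rule routes to the static backend (assumption).
STATIC_SUFFIXES = (".png", ".jpg", ".css", ".js")
# Quoted request line at the end of an HTTP log entry.
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d(?:\.\d)?"')
# Constructed sample log lines (simplified layout, not from a real system).
SAMPLE_LOG = [
    '198.51.100.7:51234 [14/Dec/2023:10:00:01.123] fe_web be_static/s1 200 "GET /img/logo.png HTTP/1.1"',
    '198.51.100.9:40022 [14/Dec/2023:10:00:02.456] fe_web be_static/s1 200 "GET /index.html#.png HTTP/1.1"',
    '198.51.100.9:40023 [14/Dec/2023:10:00:03.789] fe_web be_app/a1 200 "GET /index.html HTTP/1.1"',
    '198.51.100.5:40100 [14/Dec/2023:10:00:04.001] fe_web be_static/s1 200 "GET /img/logo.png#x.png HTTP/1.1"',
]


def suffix_rule_matches(path, suffixes=STATIC_SUFFIXES):
    """Model of a suffix rule: true when the path ends with a listed suffix."""
    return path.endswith(tuple(suffixes))


def classify(target, suffixes=STATIC_SUFFIXES):
    """Compare the rule's verdict on the raw path and on the part before '#'."""
    if "#" not in target:
        return "clean"
    # Path with '#' kept in the URI, then path with everything from '#' dropped.
    raw_path = target.split("?", 1)[0]
    cut_path = target.split("#", 1)[0].split("?", 1)[0]
    raw = suffix_rule_matches(raw_path, suffixes)
    cut = suffix_rule_matches(cut_path, suffixes)
    # A differing verdict means the text after '#' changed the backend choice.
    return "routing-changed" if raw != cut else "hash-in-uri"


def scan(lines, suffixes=STATIC_SUFFIXES):
    """Return (target, verdict) for each logged request whose target has '#'."""
    findings = []
    for line in lines:
        m = REQUEST_LINE.search(line)
        if m is None:
            continue
        verdict = classify(m.group("target"), suffixes)
        if verdict != "clean":
            findings.append((m.group("target"), verdict))
    return findings


if __name__ == "__main__":
    for target, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:16} {target}")
```

Adjust `REQUEST_LINE` and `STATIC_SUFFIXES` to the log format and routing rules actually in use before running it over real logs.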