Re: CVE-2021-40346 (haproxy 2.x)
Thanks for the heads up Gregor, we'll rebuild systemvmtemplates for 4.16/main branch.

Regards.

From: Wei ZHOU
Sent: Friday, September 10, 2021 18:28
To: dev@cloudstack.apache.org
Subject: Re: CVE-2021-40346 (haproxy 2.x)

Hi Greg,

Thanks for the info.

It is good that our systemvm templates are not impacted.
CloudStack 4.15.1 systemvm template uses haproxy 1.8.19.
CloudStack 4.16 systemvm template uses haproxy 2.2.9, but it is not officially released yet.

-Wei

On Fri, 10 Sept 2021 at 14:22, Riepl, Gregor (SWISS TXT) <gregor.ri...@swisstxt.ch> wrote:

> Hi,
>
> Are you aware of https://nvd.nist.gov/vuln/detail/CVE-2021-40346 ?
> Haproxy 2.0 through 2.5 has a vulnerability that can be exploited to
> smuggle requests to backend systems.
>
> If the CloudStack VR is using one of these versions, it should be patched
> everywhere ASAP.
>
> Regards,
> Greg
Re: CVE-2021-40346 (haproxy 2.x)
Hi Greg,

Thanks for the info.

It is good that our systemvm templates are not impacted.
CloudStack 4.15.1 systemvm template uses haproxy 1.8.19.
CloudStack 4.16 systemvm template uses haproxy 2.2.9, but it is not officially released yet.

-Wei

On Fri, 10 Sept 2021 at 14:22, Riepl, Gregor (SWISS TXT) <gregor.ri...@swisstxt.ch> wrote:

> Hi,
>
> Are you aware of https://nvd.nist.gov/vuln/detail/CVE-2021-40346 ?
> Haproxy 2.0 through 2.5 has a vulnerability that can be exploited to
> smuggle requests to backend systems.
>
> If the CloudStack VR is using one of these versions, it should be patched
> everywhere ASAP.
>
> Regards,
> Greg
CVE-2021-40346 (haproxy 2.x)
Hi,

Are you aware of https://nvd.nist.gov/vuln/detail/CVE-2021-40346 ?
Haproxy 2.0 through 2.5 has a vulnerability that can be exploited to smuggle requests to backend systems.

If the CloudStack VR is using one of these versions, it should be patched everywhere ASAP.

Regards,
Greg