Date: Tue, 7 Jul 2015 16:42:22 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2015-3281 HAProxy information leak vulnerability

Hi,

I think this should be brought in here, from the news section on the
HAProxy website:

http://www.haproxy.org/news.html

"July, 3rd, 2015 : 1.5.14 : fixes an information leak vulnerability
(CVE-2015-3281) 

A vulnerability was found when HTTP pipelining is used.  In some cases,
a client might be able to cause a buffer alignment issue and retrieve
uninitialized memory contents that exhibit data from a past request or
session.  I want to address sincere congratulations to Charlie
Smurthwaite of aTech Media for the really detailed traces he provided
which made it possible to find the cause of this bug.  Every user of
1.5-dev, 1.5.x or 1.6-dev must upgrade to 1.5.14 or latest 1.6-dev
snapshot to fix this issue, or use the backport of the fix provided by
their operating system vendors.  CVE-2015-3281 was assigned to this bug."

Fix:

http://git.haproxy.org/?p=haproxy-1.5.git;a=commit;h=7ec765568883b2d4e5a2796adbeb492a22ec9bd4

CVE:

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3281

"The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and
1.6-dev does not properly realign a buffer that is used for pending
outgoing data, which allows remote attackers to obtain sensitive
information (uninitialized memory contents of previous requests) via a
crafted request."

Debian and Ubuntu have already sent out advisories.

Alexander
