Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 7 Jul 2015 16:42:22 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2015-3281 HAProxy information leak vulnerability

Hi,

I think this should be brought in here, from the news section on the
HAProxy website:

http://www.haproxy.org/news.html

"July, 3rd, 2015 : 1.5.14 : fixes an information leak vulnerability
(CVE-2015-3281) 

A vulnerability was found when HTTP pipelining is used.  In some cases,
a client might be able to cause a buffer alignment issue and retrieve
uninitialized memory contents that exhibit data from a past request or
session.  I want to address sincere congratulations to Charlie
Smurthwaite of aTech Media for the really detailed traces he provided
which made it possible to find the cause of this bug.  Every user of
1.5-dev, 1.5.x or 1.6-dev must upgrade to 1.5.14 or latest 1.6-dev
snapshot to fix this issue, or use the backport of the fix provided by
their operating system vendors.  CVE-2015-3281 was assigned to this bug."

Fix:

http://git.haproxy.org/?p=haproxy-1.5.git;a=commit;h=7ec765568883b2d4e5a2796adbeb492a22ec9bd4

CVE:

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3281

"The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and
1.6-dev does not properly realign a buffer that is used for pending
outgoing data, which allows remote attackers to obtain sensitive
information (uninitialized memory contents of previous requests) via a
crafted request."

Debian and Ubuntu have already sent out advisories.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.