Vulnerabilities > CVE-2018-20102 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
haproxy
canonical
redhat
CWE-125
nessus

Summary

An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size.

Vulnerable Configurations

Part Description Count
Application
Haproxy
234
Application
Redhat
1
OS
Canonical
3

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0220_HAPROXY.NASL
    descriptionAn update of the haproxy package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id125157
    published2019-05-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125157
    titlePhoton OS 1.0: Haproxy PHSA-2019-1.0-0220
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2019-1.0-0220. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125157);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/16");
    
      script_cve_id("CVE-2018-20102", "CVE-2018-20103");
    
      script_name(english:"Photon OS 1.0: Haproxy PHSA-2019-1.0-0220");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the haproxy package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-220.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3855");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:haproxy");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", reference:"haproxy-1.8.14-3.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"haproxy-debuginfo-1.8.14-3.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"haproxy-doc-1.8.14-3.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "haproxy");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2329.NASL
    descriptionAccording to the versions of the haproxy package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size.(CVE-2018-20102) - An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion.(CVE-2018-20103) - An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame.(CVE-2018-20615) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131494
    published2019-12-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131494
    titleEulerOS Virtualization for ARM 64 3.0.3.0 : haproxy (EulerOS-SA-2019-2329)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131494);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/10");
    
      script_cve_id(
        "CVE-2018-20102",
        "CVE-2018-20103",
        "CVE-2018-20615"
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.3.0 : haproxy (EulerOS-SA-2019-2329)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the haproxy package installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerabilities :
    
      - An out-of-bounds read in dns_validate_dns_response in
        dns.c was discovered in HAProxy through 1.8.14. Due to
        a missing check when validating DNS responses, remote
        attackers might be able read the 16 bytes corresponding
        to an AAAA record from the non-initialized part of the
        buffer, possibly accessing anything that was left on
        the stack, or even past the end of the 8193-byte
        buffer, depending on the value of
        accepted_payload_size.(CVE-2018-20102)
    
      - An issue was discovered in dns.c in HAProxy through
        1.8.14. In the case of a compressed pointer, a crafted
        packet can trigger infinite recursion by making the
        pointer point to itself, or create a long chain of
        valid pointers resulting in stack
        exhaustion.(CVE-2018-20103)
    
      - An out-of-bounds read issue was discovered in the
        HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x
        through 1.9.0 which can result in a crash. The
        processing of the PRIORITY flag in a HEADERS frame
        requires 5 extra bytes, and while these bytes are
        skipped, the total frame length was not re-checked to
        make sure they were present in the
        frame.(CVE-2018-20615)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2329
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dc00cdfc");
      script_set_attribute(attribute:"solution", value:
    "Update the affected haproxy packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/03");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:haproxy");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.3.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.3.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.3.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["haproxy-1.8.14-1.h1.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "haproxy");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1650.NASL
    descriptionAccording to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to backup servers in the event a main one fails - accept connections to special ports dedicated to service monitoring - stop accepting connections without breaking existing ones - add, modify, and delete HTTP headers in both directions - block requests matching particular patterns - report detailed status to authenticated users from a URI intercepted from the applicationSecurity Fix(es):An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame.(CVE-2018-20615)An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion.(CVE-2018-20103)An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size.(CVE-2018-20102) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-06-27
    plugin id126277
    published2019-06-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126277
    titleEulerOS 2.0 SP8 : haproxy (EulerOS-SA-2019-1650)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126277);
      script_version("1.14");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");
    
      script_cve_id(
        "CVE-2018-20102",
        "CVE-2018-20103",
        "CVE-2018-20615"
      );
    
      script_name(english:"EulerOS 2.0 SP8 : haproxy (EulerOS-SA-2019-1650)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the haproxy package installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - HAProxy is a TCP/HTTP reverse proxy which is
        particularly suited for high availability environments.
        Indeed, it can: - route HTTP requests depending on
        statically assigned cookies - spread load among several
        servers while assuring server persistence through the
        use of HTTP cookies - switch to backup servers in the
        event a main one fails - accept connections to special
        ports dedicated to service monitoring - stop accepting
        connections without breaking existing ones - add,
        modify, and delete HTTP headers in both directions -
        block requests matching particular patterns - report
        detailed status to authenticated users from a URI
        intercepted from the applicationSecurity Fix(es):An
        out-of-bounds read issue was discovered in the HTTP/2
        protocol decoder in HAProxy 1.8.x and 1.9.x through
        1.9.0 which can result in a crash. The processing of
        the PRIORITY flag in a HEADERS frame requires 5 extra
        bytes, and while these bytes are skipped, the total
        frame length was not re-checked to make sure they were
        present in the frame.(CVE-2018-20615)An issue was
        discovered in dns.c in HAProxy through 1.8.14. In the
        case of a compressed pointer, a crafted packet can
        trigger infinite recursion by making the pointer point
        to itself, or create a long chain of valid pointers
        resulting in stack exhaustion.(CVE-2018-20103)An
        out-of-bounds read in dns_validate_dns_response in
        dns.c was discovered in HAProxy through 1.8.14. Due to
        a missing check when validating DNS responses, remote
        attackers might be able read the 16 bytes corresponding
        to an AAAA record from the non-initialized part of the
        buffer, possibly accessing anything that was left on
        the stack, or even past the end of the 8193-byte
        buffer, depending on the value of
        accepted_payload_size.(CVE-2018-20102)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1650
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?971db689");
      script_set_attribute(attribute:"solution", value:
    "Update the affected haproxy packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/27");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:haproxy");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["haproxy-1.8.14-1.h1.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "haproxy");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0150_HAPROXY.NASL
    descriptionAn update of the haproxy package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id125087
    published2019-05-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125087
    titlePhoton OS 2.0: Haproxy PHSA-2019-2.0-0150
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0547.NASL
    descriptionAn update for haproxy is now available for Red Hat OpenShift Container Platform 3.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security fix(es) : * haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash (CVE-2018-20615) For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page (s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id122865
    published2019-03-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122865
    titleRHEL 7 : OpenShift Container Platform 3.9 haproxy (RHSA-2019:0547)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3858-1.NASL
    descriptionIt was discovered that HAProxy incorrectly handled certain requests. An attacker could possibly use this to expose sensitive information. (CVE-2018-20102) It was discovered that HAProxy incorrectly handled certain requests. A attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20103, CVE-2018-20615). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-16
    plugin id121210
    published2019-01-16
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121210
    titleUbuntu 16.04 LTS / 18.04 LTS / 18.10 : haproxy vulnerabilities (USN-3858-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-44.NASL
    descriptionThis update for haproxy to version 1.8.15 fixes the following issues : Security issues fixed : - CVE-2018-20102: Fixed an out-of-bounds read in dns_validate_dns_response(), which allowed for memory disclosure (bsc#1119368) - CVE-2018-20103: Fixed an infinite recursion via crafted packet allows stack exhaustion and denial of service (bsc#1119419) Other notable bug fixes : - Fix off-by-one write in dns_validate_dns_response() - Fix out-of-bounds read via signedness error in dns_validate_dns_response() - Prevent out-of-bounds read in dns_validate_dns_response() - Prevent out-of-bounds read in dns_read_name() - Prevent stack-exhaustion via recursion loop in dns_read_name For a full list of changes, please refer to: https://www.haproxy.org/download/1.8/src/CHANGELOG This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-03-18
    modified2019-01-14
    plugin id121153
    published2019-01-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121153
    titleopenSUSE Security Update : haproxy (openSUSE-2019-44)

Redhat

advisories
  • rhsa
    idRHBA-2019:0326
  • rhsa
    idRHBA-2019:0327
  • rhsa
    idRHSA-2019:1436
rpms
  • atomic-enterprise-service-catalog-1:3.11.82-1.git.1673.133961e.el7
  • atomic-enterprise-service-catalog-svcat-1:3.11.82-1.git.1673.133961e.el7
  • atomic-openshift-0:3.11.82-1.git.0.08bc31b.el7
  • atomic-openshift-clients-0:3.11.82-1.git.0.08bc31b.el7
  • atomic-openshift-clients-redistributable-0:3.11.82-1.git.0.08bc31b.el7
  • atomic-openshift-cluster-autoscaler-0:3.11.82-1.git.0.efb6af0.el7
  • atomic-openshift-descheduler-0:3.11.82-1.git.300.89765c9.el7
  • atomic-openshift-docker-excluder-0:3.11.82-1.git.0.08bc31b.el7
  • atomic-openshift-dockerregistry-0:3.11.82-1.git.452.0ce6383.el7
  • atomic-openshift-excluder-0:3.11.82-1.git.0.08bc31b.el7
  • atomic-openshift-hyperkube-0:3.11.82-1.git.0.08bc31b.el7
  • atomic-openshift-hypershift-0:3.11.82-1.git.0.08bc31b.el7
  • atomic-openshift-master-0:3.11.82-1.git.0.08bc31b.el7
  • atomic-openshift-metrics-server-0:3.11.82-1.git.52.2fdca3f.el7
  • atomic-openshift-node-0:3.11.82-1.git.0.08bc31b.el7
  • atomic-openshift-node-problem-detector-0:3.11.82-1.git.254.a448936.el7
  • atomic-openshift-pod-0:3.11.82-1.git.0.08bc31b.el7
  • atomic-openshift-sdn-ovs-0:3.11.82-1.git.0.08bc31b.el7
  • atomic-openshift-service-idler-0:3.11.82-1.git.14.e353758.el7
  • atomic-openshift-template-service-broker-0:3.11.82-1.git.0.08bc31b.el7
  • atomic-openshift-tests-0:3.11.82-1.git.0.08bc31b.el7
  • atomic-openshift-web-console-0:3.11.82-1.git.355.5e8b1d9.el7
  • golang-github-openshift-oauth-proxy-0:3.11.82-1.git.425.7cac034.el7
  • haproxy-debuginfo-0:1.8.17-3.el7
  • haproxy18-0:1.8.17-3.el7
  • jenkins-0:2.150.2.1549032159-1.el7
  • jenkins-2-plugins-0:3.11.1549642489-1.el7
  • openshift-ansible-0:3.11.82-3.git.0.9718d0a.el7
  • openshift-ansible-docs-0:3.11.82-3.git.0.9718d0a.el7
  • openshift-ansible-playbooks-0:3.11.82-3.git.0.9718d0a.el7
  • openshift-ansible-roles-0:3.11.82-3.git.0.9718d0a.el7
  • openshift-ansible-test-0:3.11.82-3.git.0.9718d0a.el7
  • openshift-enterprise-autoheal-0:3.11.82-1.git.219.0b5aff4.el7
  • openshift-enterprise-cluster-capacity-0:3.11.82-1.git.380.cf11c51.el7
  • prometheus-0:3.11.82-1.git.5027.9d24833.el7
  • prometheus-alertmanager-0:3.11.82-1.git.0.3bf41ce.el7
  • prometheus-node-exporter-0:3.11.82-1.git.1063.48444e8.el7
  • haproxy-debuginfo-0:1.8.17-3.el7
  • haproxy18-0:1.8.17-3.el7
  • rh-haproxy18-haproxy-0:1.8.17-1.el7
  • rh-haproxy18-haproxy-debuginfo-0:1.8.17-1.el7
  • rh-haproxy18-haproxy-syspaths-0:1.8.17-1.el7