Bug 1142529 - (CVE-2019-14241) VUL-1: CVE-2019-14241: haproxy: cookie memory corruption
(CVE-2019-14241)
VUL-1: CVE-2019-14241: haproxy: cookie memory corruption
Status: IN_PROGRESS
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Current
Other Other
: P4 - Low : Minor (vote)
: ---
Assigned To: Kristoffer Gronlund
E-mail List
https://smash.suse.de/issue/237870/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-07-23 15:46 UTC by Marcus Meissner
Modified: 2021-04-19 09:25 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Marcus Meissner 2019-07-23 15:54:49 UTC
only openSUSE Factory has something newer than 1.8.x
Comment 3 Kristoffer Gronlund 2019-07-30 13:13:58 UTC
Updating openSUSE:Factory to 2.0.3 or higher will fix this. No other releases are affected.
Comment 4 Alexandros Toptsoglou 2019-07-30 14:27:26 UTC
Public through https://github.com/haproxy/haproxy/issues/181
Comment 5 Kristoffer Gronlund 2019-07-30 14:52:22 UTC
Both issues mentioned in the github issue are resolved by this submission:
https://build.opensuse.org/request/show/719848
Comment 7 Swamp Workflow Management 2019-11-18 20:11:20 UTC
SUSE-SU-2019:3001-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1142529
CVE References: CVE-2019-14241
Sources used:
SUSE Linux Enterprise High Availability 15-SP1 (src):    haproxy-2.0.5+git0.d905f49a-8.3.5

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2019-11-18 20:12:08 UTC
SUSE-SU-2019:3002-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1142529
CVE References: CVE-2019-14241
Sources used:
SUSE Linux Enterprise High Availability 15 (src):    haproxy-2.0.5+git0.d905f49a-3.12.6

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2019-11-23 23:11:56 UTC
openSUSE-SU-2019:2555-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1142529
CVE References: CVE-2019-14241
Sources used:
openSUSE Leap 15.0 (src):    haproxy-2.0.5+git0.d905f49a-lp150.2.13.1
Comment 10 Swamp Workflow Management 2019-11-23 23:15:20 UTC
openSUSE-SU-2019:2556-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1142529
CVE References: CVE-2019-14241
Sources used:
openSUSE Leap 15.1 (src):    haproxy-2.0.5+git0.d905f49a-lp151.2.3.1