Bug 1239072 (CVE-2015-3281)

Summary: CVE-2015-3281 haproxy: information leak in buffer_slow_realign()
Product: [Other] Security Response
Component: vulnerability
Status: CLOSED ERRATA
Severity: high
Priority: high
Version: unspecified
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Keywords: Security
Reporter: Vasyl Kaigorodov <vkaigoro>
Assignee: Red Hat Product Security <security-response-team>
CC: abhgupta, bleanhar, bperkins, ccoleman, cheese, dmcphers, hany, jdetiber, jialiu, jkeck, joelsmith, jokerman, kseifried, lmeyer, mmccomas, moorthyvsm, robinlee.sysu, rohara, security-response-team, slong
Doc Type: Bug Fix
Doc Text: An implementation error related to the memory management of requests and responses was found in HAProxy's buffer_slow_realign() function. An unauthenticated remote attacker could possibly use this flaw to leak certain memory buffer contents from a past request or session.
Last Closed: 2015-12-17 17:19:04 UTC
Bug Depends On: 1241143, 1241144, 1241145, 1241535, 1241536, 1241537, 1241538, 1283404
Bug Blocks: 1239074
Description (Vasyl Kaigorodov, 2015-07-03 12:29:15 UTC)

Created attachment 1045847: 0001-BUG-MAJOR-buffers-make-the-buffer_slow_realign-funct.patch

Public: http://www.haproxy.org/news.html
Patch posted upstream: http://git.haproxy.org/?p=haproxy-1.5.git;a=commit;h=7ec765568883b2d4e5a2796adbeb492a22ec9bd4


Created haproxy tracking bugs for this issue:

Affects: fedora-all [bug 1241143]


haproxy-1.5.14-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.


haproxy-1.5.14-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.


Hey folks, just wondering what the status of this bug report is. Will this be pushed to RHEL's repos anytime soon? Seeing how this is high severity and priority, it would be good to have a timeframe for the release.


This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2015:1741 https://rhn.redhat.com/errata/RHSA-2015-1741.html


Hello, from https://rhn.redhat.com/errata/RHSA-2015-1741.html the package name says "haproxy-1.5.4-2.el6_7.1.x86_64.rpm". Isn't this an old package? When we check the version, it says it was built in 2014.

[root@server ~]# haproxy -v
HA-Proxy version 1.5.4 2014/09/02
Copyright 2000-2014 Willy Tarreau <w>


That is the compiled version option provided by the upstream sources. To say it a different way, that is the base version that Red Hat used in creating this package. What you need to look at to determine the *real* manifest of the package is the package information and changelog:

# rpm -qi haproxy-1.5.4-2.el6_7.1.x86_64
Name        : haproxy                        Relocations: (not relocatable)
Version     : 1.5.4                          Vendor: Red Hat, Inc.
Release     : 2.el6_7.1                      Build Date: Tue 28 Jul 2015 05:58:13 PM CEST
Install Date: Fri 11 Sep 2015 04:54:47 PM CEST    Build Host: x86-032.build.eng.bos.redhat.com
Group       : System Environment/Daemons     Source RPM: haproxy-1.5.4-2.el6_7.1.src.rpm
Size        : 2552550                        License: GPLv2+
Signature   : RSA/8, Thu 03 Sep 2015 09:09:56 PM CEST, Key ID 199e2f91fd431d51
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://www.haproxy.org/
Summary     : HAProxy is a TCP/HTTP reverse proxy for high availability environments
Description :
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
<SNIP>

# rpm -q --changelog haproxy-1.5.4-2.el6_7.1.x86_64
* Tue Jul 28 2015 Ryan O'Hara <rohara> - 1.5.4-2.1
- Fix buffer_slow_realign() function to respect output data
  Resolves: CVE-2015-3281

* Tue Mar 03 2015 Ryan O'Hara <rohara> - 1.5.4-2
- Read sysconfig file for extra options
  Resolves: rhbz#1166497

* Tue Nov 11 2014 Ryan O'Hara <rohara> - 1.5.4-1
- Rebase to upstream version 1.5.4
  Resolves: rhbz#1136550
<SNIP>

So 1.5.4 has been, and still is, the base point the subsequent RHEL 6 packages were based on, with patches applied. Typically a package is not rebased within a RHEL major version lifecycle, but there are exceptions. For more information, please feel free to contact your Red Hat support representative.


This issue has been addressed in the following products:

  RHEL 6 Version of OpenShift Enterprise 2.2

Via RHSA-2015:2666 https://rhn.redhat.com/errata/RHSA-2015-2666.html
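The Doc Text and the package changelog entry ("Fix buffer_slow_realign() function to respect output data") describe the flaw only at a high level. The C program below is an added example, not HAProxy's code and not the upstream patch: it models a circular proxy buffer in which the pending output bytes sit just before the pointer p and the pending input after it, and contrasts a realign routine that moves only the input with one that also carries the output to its new place. The struct, the function names and the sample bytes ("OLD!", "out1", "in01") are all constructed for this illustration; the buffer layout is a simplification, not a claim about HAProxy's internal structures.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a proxy I/O buffer, written for this example; it is not
 * HAProxy's struct buffer or its buffer_slow_realign(). It keeps the same
 * idea: p marks the start of the pending input (i bytes), the o pending
 * output bytes sit just before p, and both may wrap at the end of data[]. */
#define BUF_SIZE 16

struct mbuf {
    char  *p;
    size_t size, i, o;
    char   data[BUF_SIZE];
};

static char swap_area[BUF_SIZE];

static size_t in_start(const struct mbuf *b)  { return (size_t)(b->p - b->data); }
static size_t out_start(const struct mbuf *b) { return (in_start(b) + b->size - b->o) % b->size; }

/* Linear <-> circular copies; the modulo is what makes wrapping work. */
static void circ_read(const struct mbuf *b, size_t from, size_t n, char *dst)
{
    for (size_t k = 0; k < n; k++)
        dst[k] = b->data[(from + k) % b->size];
}

static void circ_write(struct mbuf *b, size_t at, const char *src, size_t n)
{
    for (size_t k = 0; k < n; k++)
        b->data[(at + k) % b->size] = src[k];
}

/* Pre-fix behaviour as the changelog describes it (the fix was to "respect
 * output data"): only the input is moved to the front and p is reset. The
 * send path then expects the output at the tail of the buffer, where nothing
 * was written, so whatever an earlier message left there goes out instead. */
void realign_input_only(struct mbuf *b)
{
    circ_read(b, in_start(b), b->i, swap_area);
    memcpy(b->data, swap_area, b->i);
    b->p = b->data;
}

/* Fixed behaviour: stage both halves in the swap area (so wrapped data
 * survives), then put the input at the head and the output at the tail. */
void realign_respect_output(struct mbuf *b)
{
    circ_read(b, out_start(b), b->o, swap_area + b->size - b->o);
    circ_read(b, in_start(b), b->i, swap_area);
    memcpy(b->data, swap_area, b->i);
    memcpy(b->data + b->size - b->o, swap_area + b->size - b->o, b->o);
    b->p = b->data;
}

/* Constructed sample state: the tail still holds 4 bytes of an earlier
 * session ("OLD!"); the current message has 4 output bytes right before p
 * and 4 input bytes from p. p_off = 8 keeps everything contiguous,
 * p_off = 2 makes the output wrap around the end of the buffer. */
void make_state(struct mbuf *b, size_t p_off)
{
    b->size = BUF_SIZE;
    memset(b->data, '.', BUF_SIZE);
    memcpy(b->data + BUF_SIZE - 4, "OLD!", 4);
    b->p = b->data + p_off;
    b->o = b->i = 4;
    circ_write(b, out_start(b), "out1", 4);
    circ_write(b, p_off, "in01", 4);
}

/* Realign the sample state with the given routine and return 1 if the bytes
 * the send path would emit afterwards equal `expect`. */
int output_after(void (*realign)(struct mbuf *), size_t p_off, const char *expect)
{
    struct mbuf b;
    char out[BUF_SIZE + 1];
    make_state(&b, p_off);
    realign(&b);
    circ_read(&b, out_start(&b), b.o, out);
    out[b.o] = '\0';
    return strcmp(out, expect) == 0;
}

int main(void)
{
    printf("input-only realign, contiguous: stale bytes sent = %d\n",
           output_after(realign_input_only, 8, "OLD!"));
    printf("fixed realign, contiguous     : output intact    = %d\n",
           output_after(realign_respect_output, 8, "out1"));
    printf("fixed realign, wrapped output : output intact    = %d\n",
           output_after(realign_respect_output, 2, "out1"));
    return 0;
}
```

With the input-only realign the send path emits "OLD!", the bytes an earlier message left at the tail of the buffer, which is the class of leak the Doc Text describes; the fixed routine emits "out1" in both the contiguous and the wrapped case because it stages the output through the swap area before repositioning it. For a deployed RHEL package, the `rpm -q --changelog` check quoted in the thread, not the `haproxy -v` version string, is what tells you whether this fix is present.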