-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2711-1 security@xxxxxxxxxx http://www.debian.org/security/ Moritz Muehlenhoff June 19, 2013 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : haproxy Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2012-2942 CVE-2013-1912 CVE-2013-2175 Multiple security issues have been found in HAProxy, a load-balancing reverse proxy: CVE-2012-2942 Buffer overflow in the header capture code. CVE-2013-1912 Buffer overflow in the HTTP keepalive code. CVE-2013-2175 Denial of service in parsing HTTP headers. For the oldstable distribution (squeeze), these problems have been fixed in version 1.4.8-1+squeeze1. The stable distribution (wheezy) doesn't contain haproxy. For the unstable distribution (sid), these problems have been fixed in version 1.4.24-1. We recommend that you upgrade your haproxy packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlHB5iUACgkQXm3vHE4uyloejQCcDLeGSbq/TcynokkvYSZf7tgW ykUAn2IzWLERPgLLKGWdtiazkMZ1hAJh =fAae -----END PGP SIGNATURE-----