[Debian] CVE: CVE-2023-0836: haproxy: 5 bytes left uninitialized in the connection buffer

Bug #2020732 reported by Yue Tao
Affects: StarlingX | Status: Fix Released | Importance: High | Assigned to: Zhixiong Chi | Milestone: (not set)

Bug Description

CVE-2023-0836: https://nvd.nist.gov/vuln/detail/CVE-2023-0836

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.
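The record named in the description has a fixed layout in the FastCGI specification: an 8-byte record header followed by an 8-byte FCGI_BeginRequestBody made of a 2-byte role, a 1-byte flags field and 5 reserved bytes. Those 5 reserved bytes are the ones the CVE says HAProxy left uninitialized, so whatever the send buffer held before (possibly data from an earlier request on the same connection) went to the FastCGI backend. The following is an added example, not HAProxy's code and not part of this bug report: an encoder that writes every byte of the record explicitly, plus a check a test or a capture-analysis script can run over a record to flag non-zero reserved bytes. The constant names and the helper names are the example's own; the field offsets come from the FastCGI specification.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* FastCGI constants as defined by the FastCGI specification (example code). */
#define FCGI_VERSION_1      1
#define FCGI_BEGIN_REQUEST  1
#define FCGI_RESPONDER      1
#define FCGI_KEEP_CONN      1

#define FCGI_HEADER_LEN     8   /* version, type, requestId(2), contentLength(2), paddingLength, reserved */
#define FCGI_BEGIN_BODY_LEN 8   /* roleB1, roleB0, flags, reserved[5] */
#define FCGI_BEGIN_REC_LEN  (FCGI_HEADER_LEN + FCGI_BEGIN_BODY_LEN)

/* Encode one FCGI_BEGIN_REQUEST record into out, which must hold FCGI_BEGIN_REC_LEN bytes.
 * Every byte of the record, including the 5 reserved body bytes at offsets 11..15, is
 * written explicitly, so stale buffer content cannot reach the backend. Returns the
 * record length. */
size_t fcgi_encode_begin_request(uint8_t *out, uint16_t req_id, uint16_t role, uint8_t flags)
{
    memset(out, 0, FCGI_BEGIN_REC_LEN);     /* clear the whole record first: reserved bytes stay zero */
    out[0]  = FCGI_VERSION_1;
    out[1]  = FCGI_BEGIN_REQUEST;
    out[2]  = (uint8_t)(req_id >> 8);       /* requestIdB1 */
    out[3]  = (uint8_t)(req_id & 0xff);     /* requestIdB0 */
    out[4]  = 0;                            /* contentLengthB1 */
    out[5]  = FCGI_BEGIN_BODY_LEN;          /* contentLengthB0 */
    out[6]  = 0;                            /* paddingLength */
    out[7]  = 0;                            /* header reserved byte */
    out[8]  = (uint8_t)(role >> 8);         /* roleB1 */
    out[9]  = (uint8_t)(role & 0xff);       /* roleB0 */
    out[10] = flags;
    /* out[11..15]: body reserved[5], already zeroed by the memset above */
    return FCGI_BEGIN_REC_LEN;
}

/* Return 1 if rec is a well-formed FCGI_BEGIN_REQUEST record whose reserved bytes
 * (header byte 7 and body bytes 11..15) are all zero, 0 otherwise. Non-zero reserved
 * bytes are the observable symptom of an encoder that skipped initialising them. */
int fcgi_begin_request_reserved_is_clean(const uint8_t *rec, size_t len)
{
    if (len < FCGI_BEGIN_REC_LEN)
        return 0;
    if (rec[0] != FCGI_VERSION_1 || rec[1] != FCGI_BEGIN_REQUEST)
        return 0;
    if (((rec[4] << 8) | rec[5]) != FCGI_BEGIN_BODY_LEN)
        return 0;
    if (rec[7] != 0)
        return 0;
    for (size_t i = 11; i < FCGI_BEGIN_REC_LEN; i++)
        if (rec[i] != 0)
            return 0;
    return 1;
}

int main(void)
{
    uint8_t rec[FCGI_BEGIN_REC_LEN];
    size_t n = fcgi_encode_begin_request(rec, 1, FCGI_RESPONDER, FCGI_KEEP_CONN);

    printf("encoded %zu bytes, reserved clean: %d\n", n,
           fcgi_begin_request_reserved_is_clean(rec, n));

    /* Constructed sample: the same record with a stale byte left in the reserved area,
     * the shape of record an unpatched encoder could emit. The check flags it. */
    rec[13] = 0x41;
    printf("tampered record, reserved clean: %d\n",
           fcgi_begin_request_reserved_is_clean(rec, n));
    return 0;
}
```

The check is useful in a unit test for any FastCGI client and, applied to records pulled from a packet capture between the proxy and its backend, as a quick way to confirm a deployed build writes the reserved bytes.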

Base Score: High

References:

A source package in integ repository

haproxy_2.2.9-2+deb11u5

https://www.debian.org/security/2023/dsa-5388


Yue Tao (wrytao)
Changed in starlingx:
importance: Undecided → High
status: New → Triaged
tags: added: stx.9.0 stx.security
Changed in starlingx:
assignee: nobody → Zhixiong Chi (zhixiongchi)
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to integ (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/integ/+/884586

OpenStack Infra (hudson-openstack) wrote : Fix merged to integ (master)

Reviewed: https://review.opendev.org/c/starlingx/integ/+/884586
Committed: https://opendev.org/starlingx/integ/commit/323cc82399577fa2f6759dfe70277e138d236ac7
Submitter: "Zuul (22348)"
Branch: master

commit 323cc82399577fa2f6759dfe70277e138d236ac7
Author: Zhixiong Chi <email address hidden>
Date: Thu May 25 18:12:32 2023 +0800

    haproxy: upgrade to 2.2.9-2+deb11u5

    Fix the CVE-2023-0836 issue:
    5 bytes left uninitialized in the connection buffer

    Refer to:
    https://www.debian.org/security/2023/dsa-5388

    Test Plan:
    PASS: $downloader
    PASS: $build-pkgs --clean --parallel 10
    PASS: $build-image
    PASS: Jenkins Installation
    PASS: dpkg -l |grep haproxy
    ii haproxy 2.2.9-2+deb11u5.stx.3

    Closes-Bug: 2020732

    Signed-off-by: Zhixiong Chi <email address hidden>
    Change-Id: I8c5a938ace4b81d6adf3ddb242a6b80555c6c7d4

Changed in starlingx:
status: In Progress → Fix Released