Ubuntu
haproxy package

  1. Bug #1118160
  2. Activity log

Activity log for bug #1118160

Date Who What changed Old value New value Message
2013-02-07 09:18:25 Jesse Pretorius bug added bug
2013-02-07 09:21:21 Jesse Pretorius description HAProxy contains a weakness due to not supporting certain security-related flags for cookies. By not supporting the 'Secure' or 'HttpOnly' cookies, applications behind the proxy become more susceptible to cookie stealing attacks. The solution is to upgrade to version 1.5-DEV11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. Please work on updating the Ubuntu packages to v1.5 asap. HAProxy contains a weakness due to not supporting certain security-related flags for cookies. By not supporting the 'Secure' or 'HttpOnly' cookies, applications behind the proxy become more susceptible to cookie stealing attacks. The solution is to upgrade to version 1.5-DEV11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. More detail here: http://osvdb.org/82768 Please work on updating the Ubuntu packages to v1.5 asap.
2013-02-08 21:19:37 Jamie Strandboge information type Private Security Public
2013-02-08 21:27:19 Jamie Strandboge summary HAProxy Secure / HttpOnly Flag Cookie Weakness Please support flags for Secure / HttpOnly Cookies
2013-02-08 21:27:25 Jamie Strandboge haproxy (Ubuntu): status New Triaged
2015-12-01 03:28:50 Mathew Hodson haproxy (Ubuntu): importance Undecided Low
2015-12-01 03:31:06 Mathew Hodson haproxy (Ubuntu): status Triaged Fix Released
2015-12-01 03:32:13 Mathew Hodson tags upgrade-software-version
2015-12-01 03:34:15 Mathew Hodson information type Public Public Security