Text only | Text with Images

OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: mfedv on September 23, 2021, 04:58:28 PM

Title: heads up: 21.7.3 fixes CVE-2021-40346 (haproxy)
Post by: mfedv on September 23, 2021, 04:58:28 PM
Hi,

the 21.7.3 announcement at

    https://forum.opnsense.org/index.php?topic=24864.0

fails to mention haproxy, but 21.7.3 updates haproxy to 2.2.17, which
contains a fix for the recently discovered HTTP Smuggling vulnerability
(CVE-2021-40346):

    https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/

One more reason to install the upgrade (btw, thanks for all the good
work!)

Matthias
Text only | Text with Images