OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 21.7 Legacy Series »
  • heads up: 21.7.3 fixes CVE-2021-40346 (haproxy)
« previous next »
  • Print
Pages: [1]

Author Topic: heads up: 21.7.3 fixes CVE-2021-40346 (haproxy)  (Read 1319 times)

mfedv

  • Newbie
  • *
  • Posts: 43
  • Karma: 6
    • View Profile
heads up: 21.7.3 fixes CVE-2021-40346 (haproxy)
« on: September 23, 2021, 04:58:28 pm »
Hi,

the 21.7.3 announcement at

    https://forum.opnsense.org/index.php?topic=24864.0

fails to mention haproxy, but 21.7.3 updates haproxy to 2.2.17, which
contains a fix for the recently discovered HTTP Smuggling vulnerability
(CVE-2021-40346):

    https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/

One more reason to install the upgrade (btw, thanks for all the good
work!)

Matthias
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 21.7 Legacy Series »
  • heads up: 21.7.3 fixes CVE-2021-40346 (haproxy)
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2