haproxy HTTP/2 HPACK Decoder Vulnerability CVE-2020-11100

Main Menu

Welcome to OPNsense Forum.
Log in
Sign up

OPNsense Forum
► Archive
► 20.1 Legacy Series
► haproxy HTTP/2 HPACK Decoder Vulnerability CVE-2020-11100

haproxy HTTP/2 HPACK Decoder Vulnerability CVE-2020-11100

Started by jfqd, April 06, 2020, 12:11:42 PM

Previous topic - Next topic

Print

Go Down Pages1

jfqd
Newbie
Posts 5
Logged

haproxy HTTP/2 HPACK Decoder Vulnerability CVE-2020-11100

April 06, 2020, 12:11:42 PM

Is there a timeframe for an update of haproxy to fix CVE-2020-11100 [1]?

[1] https://www.haproxy.com/blog/haproxy-1-8-http-2-hpack-decoder-vulnerability-fixed/

franco
Administrator
Hero Member
Posts 18,342
Location: Germany
Logged

Re: haproxy HTTP/2 HPACK Decoder Vulnerability CVE-2020-11100

April 06, 2020, 12:26:24 PM #1

Yes, 20.1.4 with HAProxy 2.0.14 this week.

Too late, too soon?

Cheers,
Franco

jfqd
Newbie
Posts 5
Logged

Re: haproxy HTTP/2 HPACK Decoder Vulnerability CVE-2020-11100

April 06, 2020, 12:35:31 PM #2

Thx Franco, perfect! :)

franco
Administrator
Hero Member
Posts 18,342
Location: Germany
Logged

Re: haproxy HTTP/2 HPACK Decoder Vulnerability CVE-2020-11100

April 06, 2020, 01:44:50 PM #3

Whew, ok 8)

Currently we plan for a Wednesday release.

Cheers,
Franco

Print

Go Up Pages1

OPNsense Forum
► Archive
► 20.1 Legacy Series
► haproxy HTTP/2 HPACK Decoder Vulnerability CVE-2020-11100

User actions

Print