heads up: 21.7.3 fixes CVE-2021-40346 (haproxy)

Started by mfedv, September 23, 2021, 04:58:28 PM

Hi,

the 21.7.3 announcement at

    https://forum.opnsense.org/index.php?topic=24864.0

fails to mention haproxy, but 21.7.3 updates haproxy to 2.2.17, which
contains a fix for the recently discovered HTTP Smuggling vulnerability
(CVE-2021-40346):

    https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/

One more reason to install the upgrade (btw, thanks for all the good
work!)

Matthias