haproxy: CVE-2018-20102

Related Vulnerabilities: CVE-2018-20102   CVE-2018-20103  

Debian Bug report logs - #916308

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 12 Dec 2018 21:00:02 UTC

Severity: grave

Tags: patch, security, upstream

Found in version haproxy/1.8.14-1

Fixed in version haproxy/1.8.15-1

Done: Apollon Oikonomopoulos <apoikos@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian HAProxy Maintainers <haproxy@tracker.debian.org>:
Bug#916308; Package src:haproxy. (Wed, 12 Dec 2018 21:00:05 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian HAProxy Maintainers <haproxy@tracker.debian.org>. (Wed, 12 Dec 2018 21:00:05 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: haproxy: CVE-2018-20102
Date: Wed, 12 Dec 2018 21:56:56 +0100
Source: haproxy
Version: 1.8.14-1
Severity: grave
Tags: patch security upstream

Hi,

The following vulnerability was published for haproxy, the RC severity
might not be correct, but trying to be on the safe side here.

CVE-2018-20102[0]:
| An out-of-bounds read in dns_validate_dns_response in dns.c was
| discovered in HAProxy through 1.8.14. Due to a missing check when
| validating DNS responses, remote attackers might be able to read the 16
| bytes corresponding to an AAAA record from the non-initialized part of
| the buffer, possibly accessing anything that was left on the stack, or
| even past the end of the 8193-byte buffer, depending on the value of
| accepted_payload_size.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-20102
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20102
[1] http://git.haproxy.org/?p=haproxy.git;a=commit;h=efbbdf72992cd20458259962346044cafd9331c0

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
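The check the CVE text describes as missing, shown as an added C example that is not HAProxy's dns_validate_dns_response() and is not taken from any HAProxy version: the resource-record layout follows RFC 1035, the 8193-byte capacity is the figure quoted in the CVE text, and the sample record bytes are constructed here.

```c
/* Added example, not HAProxy's code: check a DNS resource record's fixed
 * fields and RDATA against the byte count actually received (the storage
 * buffer is larger than the reply, so skipping this reads stale bytes). */
#include <stdint.h>
#include <string.h>

#define DNS_TYPE_AAAA    28
#define DNS_RR_FIXED_LEN 10    /* TYPE(2) CLASS(2) TTL(4) RDLENGTH(2) */
#define DNS_MAX_RESP     8193  /* storage capacity quoted in the CVE text */

/* 'off' is the first byte of TYPE (NAME already consumed); 'received' is what
 * the socket returned, never the buffer capacity. On success returns 0 and
 * sets *rdata/*rdlength to a span lying wholly inside resp[0..received). */
int dns_rr_bounds_check(const uint8_t *resp, size_t received, size_t off,
                        const uint8_t **rdata, uint16_t *rdlength)
{
    if (off > received || received - off < DNS_RR_FIXED_LEN)
        return -1;                   /* fixed fields run past received data */
    uint16_t type = (uint16_t)(resp[off] << 8 | resp[off + 1]);
    *rdlength     = (uint16_t)(resp[off + 8] << 8 | resp[off + 9]);
    size_t rdata_off = off + DNS_RR_FIXED_LEN;
    if (*rdlength > received - rdata_off)
        return -1;                   /* RDATA would extend into unreceived bytes */
    if (type == DNS_TYPE_AAAA && *rdlength != 16)
        return -1;                   /* AAAA RDATA is exactly one IPv6 address */
    *rdata = resp + rdata_off;
    return 0;
}

/* Constructed sample: fixed fields of an AAAA record announcing 16 RDATA bytes. */
static const uint8_t aaaa_hdr[DNS_RR_FIXED_LEN] = {
    0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x0e, 0x10, 0x00, 0x10 };

/* Puts the sample header at the start of an 8193-byte buffer, follows it with
 * 'present' RDATA bytes and stale filler, then validates with the real length. */
int check_sample_aaaa(size_t present)
{
    static uint8_t buf[DNS_MAX_RESP];
    const uint8_t *rdata;
    uint16_t rdlength;
    if (present > sizeof buf - DNS_RR_FIXED_LEN)
        return -1;
    memset(buf, 0xAA, sizeof buf);               /* stands in for old stack data */
    memcpy(buf, aaaa_hdr, DNS_RR_FIXED_LEN);
    memset(buf + DNS_RR_FIXED_LEN, 0x20, present);
    return dns_rr_bounds_check(buf, DNS_RR_FIXED_LEN + present, 0, &rdata, &rdlength);
}
```

With the full 16 RDATA bytes received the record validates; a reply cut short after 4 bytes (or none) is rejected instead of being read from the stale part of the buffer.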



Reply sent to Apollon Oikonomopoulos <apoikos@debian.org>:
You have taken responsibility. (Fri, 14 Dec 2018 19:09:11 GMT) (full text, mbox, link).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 14 Dec 2018 19:09:11 GMT) (full text, mbox, link).


Message #10 received at 916308-close@bugs.debian.org (full text, mbox, reply):

From: Apollon Oikonomopoulos <apoikos@debian.org>
To: 916308-close@bugs.debian.org
Subject: Bug#916308: fixed in haproxy 1.8.15-1
Date: Fri, 14 Dec 2018 19:04:51 +0000
Source: haproxy
Source-Version: 1.8.15-1

We believe that the bug you reported is fixed in the latest version of
haproxy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 916308@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Apollon Oikonomopoulos <apoikos@debian.org> (supplier of updated haproxy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 14 Dec 2018 15:31:04 +0200
Source: haproxy
Binary: haproxy haproxy-doc vim-haproxy
Architecture: source amd64 all
Version: 1.8.15-1
Distribution: unstable
Urgency: high
Maintainer: Debian HAProxy Maintainers <haproxy@tracker.debian.org>
Changed-By: Apollon Oikonomopoulos <apoikos@debian.org>
Description:
 haproxy    - fast and reliable load balancing reverse proxy
 haproxy-doc - fast and reliable load balancing reverse proxy (HTML documentation)
 vim-haproxy - syntax highlighting for HAProxy configuration files
Closes: 911933 916307 916308
Changes:
 haproxy (1.8.15-1) unstable; urgency=high
 .
   [ Vincent Bernat ]
   * d/rules: switch to pcre2. Closes: #911933.
 .
   [ Apollon Oikonomopoulos ]
   * New upstream version 1.8.15
     - BUG: dns: Fix off-by-one write in dns_validate_dns_response() (
     - BUG: dns: Fix out-of-bounds read via signedness error in
       dns_validate_dns_response()
     - BUG: dns: Prevent out-of-bounds read in dns_read_name()
     - BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response()
       (CVE-2018-20102, closes: #916308)
     - BUG: dns: Prevent stack-exhaustion via recursion loop in dns_read_name
       (CVE-2018-20103, closes: #916307)
     - BUG/MAJOR: http: http_txn_get_path() may dereference an inexisting buffer

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 12 Jan 2019 07:26:00 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 12:59:13 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.