CVE-2012-2942

Published: 27 May 2012

Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors.

Notes

Author: mdeslaur
Note: CVE-2012-2391 was a duplicate of this CVE and got rejected.

Priority

Low

Status

Package: haproxy (Launchpad, Ubuntu, Debian)

Release    Status
hardy      Ignored (end of life)
lucid      Ignored (end of life)
natty      Ignored (end of life)
oneiric    Released (1.4.15-1ubuntu0.1)
precise    Released (1.4.18-0ubuntu1.1)
quantal    Released (1.4.18-0ubuntu2.1)
raring     Released (1.4.18-0ubuntu3)
upstream   Released (1.4.21)

Patches:
upstream: http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commit;h=30297cb17147a8d339eb160226bcc08c91d9530b

This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu.