RHEL 6 / 7 : haproxy 1.5 (RHSA-2015:1741)
Medium Nessus Plugin ID 85977
SynopsisThe remote Red Hat host is missing one or more security updates.
DescriptionAn updated haproxy package that fixes one security issue is now available for Red Hat Enterprise Linux 6 and 7. HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications.
An implementation error related to the memory management of request and responses was found within HAProxy's buffer_slow_realign() function. An unauthenticated, remote attacker could possibly use this flaw to leak certain memory buffer contents from a past request or session. (CVE-2015-3281)
Note that, according to CVE-2015-3281, this issue only exists in HAProxy version 1.5.x prior to 1.5.14. All HAProxy users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
SolutionUpdate the affected haproxy and / or haproxy-debuginfo packages.