openSUSE Security Update : haproxy (openSUSE-2015-682)

Medium Nessus Plugin ID 86623


The remote openSUSE host is missing a security update.


haproxy was updated to fix two security issues.

These security issues were fixed:

- CVE-2015-3281: The buffer_slow_realign function in HAProxy did not properly realign a buffer that is used for pending outgoing data, which allowed remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request (bsc#937042).

- Changed DH parameters to prevent Logjam attack.

These non-security issues were fixed:

- BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data

- BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id

- MEDIUM: ssl: replace standards DH groups with custom ones

- BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten

- MINOR: ssl: add a destructor to free allocated SSL resources

- BUG/MINOR: ssl: Display correct filename in error message

- MINOR: ssl: load certificates in alphabetical order

- BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks

- BUG/MEDIUM: ssl: force a full GC in case of memory shortage

- BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM.

- BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates

- MINOR: ssl: add statement to force some ssl options in global.

- MINOR: ssl: add fetches 'ssl_c_der' and 'ssl_f_der' to return DER formatted certs


Update the affected haproxy packages.

Plugin Details

Severity: Medium

ID: 86623

File Name: openSUSE-2015-682.nasl

Version: $Revision: 2.1 $

Type: local

Agent: unix

Published: 2015/10/28

Modified: 2015/10/28

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:haproxy, p-cpe:/a:novell:opensuse:haproxy-debuginfo, p-cpe:/a:novell:opensuse:haproxy-debugsource, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2015/10/19

Reference Information

CVE: CVE-2015-3281