Release Info

Advisory: CLSA-2023:1698689602

OS: Ubuntu 18.04 ELS

Public date: 2023-10-30 14:13:25

Project: haproxy

Version: 1.8.8-1ubuntu0.13.tuxcare.els1

Errata link: https://errata.cloudlinux.com/ubuntu18-els/CLSA-2023-1698689602.html

Changelog

* SECURITY UPDATE: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly - debian/patches/CVE-2023-44487.patch: h2: don't accept new streams if conn_streams are still in excess - CVE-2023-44487

Update

Update command: apt-get update apt-get --only-upgrade install haproxy*

Packages list

haproxy_1.8.8-1ubuntu0.13.tuxcare.els1_amd64.deb haproxy-doc_1.8.8-1ubuntu0.13.tuxcare.els1_all.deb vim-haproxy_1.8.8-1ubuntu0.13.tuxcare.els1_all.deb

CVEs

CVE-2023-44487