Oracle Linux 6278 Published by

A haproxy security update has been released for Oracle Linux 9.



El-errata: ELSA-2023-1696 Moderate: Oracle Linux 9 haproxy security update


Oracle Linux Security Advisory ELSA-2023-1696

  http://linux.oracle.com/errata/ELSA-2023-1696.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
haproxy-2.4.17-3.el9_1.2.x86_64.rpm

aarch64:
haproxy-2.4.17-3.el9_1.2.aarch64.rpm

SRPMS:
  http://oss.oracle.com/ol9/SRPMS-updates//haproxy-2.4.17-3.el9_1.2.src.rpm

Related CVEs:

CVE-2023-0056
CVE-2023-25725



Description of changes:

[2.4.17-3.2]
- Reject empty http header field names (CVE-2023-25725, #2174174)

[2.4.17-3.1]
- Refuse interim responses with end-stream flag set (CVE-2023-0056, #2174172)

_______________________________________________