Solution
Install the updated packages.
Insight
HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications.
A flaw was found in the way HAProxy handled requests when the proxy's configuration ('/etc/haproxy/haproxy.cfg') had certain rules that use the hdr_ip criterion. A remote attacker could use this flaw to crash HAProxy instances that use the affected configuration. (CVE-2013-2175)
Red Hat would like to thank HAProxy upstream for reporting this issue.
Upstream acknowledges David Torgerson as the original reporter.
HAProxy is released as a Technology Preview in Red Hat Enterprise Linux 6.
More information about Red Hat Technology Previews is available at https://access.redhat.com/support/offerings/techpreview/
All users of haproxy are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
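An added example, not part of the advisory or of Red Hat's tooling: a shell function that lists the lines of an HAProxy configuration that reference hdr_ip, together with the section they sit in, to show whether an instance uses the criterion named above. It flags every hdr_ip use because the advisory does not say which rules are affected; the function name and output format are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): report hdr_ip usage in an HAProxy config.
# Conservative by design: any non-comment line mentioning hdr_ip is reported,
# since the advisory only says "certain rules that use the hdr_ip criterion".
# Output format (an assumption): "<line number> [<section>] <statement>"
find_hdr_ip_rules() {
    awk '
        BEGIN { section = "(none)" }
        # Work on a copy of the line with leading whitespace removed.
        { line = $0; sub(/^[ \t]+/, "", line) }
        # Skip blank lines and full-line comments.
        line == "" || line ~ /^#/ { next }
        # Remember which section the following statements belong to.
        line ~ /^(global|defaults|frontend|backend|listen)([ \t]|$)/ {
            n = split(line, w, /[ \t]+/)
            section = (n > 1) ? w[1] " " w[2] : w[1]
            next
        }
        # Report any statement that references the hdr_ip criterion.
        line ~ /hdr_ip/ { printf "%d [%s] %s\n", NR, section, line }
    ' "$1"
}

# When run with a path argument, e.g. /etc/haproxy/haproxy.cfg, scan that file.
if [ "$#" -gt 0 ]; then
    find_hdr_ip_rules "$1"
fi
```

No output means the configuration does not reference hdr_ip; the package update is still the fix the advisory gives.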
Affected
haproxy on CentOS 6
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2013-2175
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P