Summary
Multiple security issues have been found in HAProxy, a load-balancing reverse proxy:
CVE-2012-2942
Buffer overflow in the header capture code.
CVE-2013-1912
Buffer overflow in the HTTP keepalive code.
CVE-2013-2175
Denial of service in parsing HTTP headers.
Solution
For the oldstable distribution (squeeze), these problems have been fixed in version 1.4.8-1+squeeze1.
The stable distribution (wheezy) doesn't contain haproxy.
For the unstable distribution (sid), these problems have been fixed in version 1.4.24-1.
We recommend that you upgrade your haproxy packages.
Insight
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. It features connection persistence through HTTP cookies, load balancing, and header addition, modification, and deletion in both directions. It has request blocking capabilities and provides an interface to display server status.
Affected
haproxy on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2012-2942, CVE-2013-1912, CVE-2013-2175
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
Related Vulnerabilities