HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "haproxy", "binary_version": "1.4.24-2ubuntu0.4" }, { "binary_name": "haproxy-dbgsym", "binary_version": "1.4.24-2ubuntu0.4" }, { "binary_name": "vim-haproxy", "binary_version": "1.4.24-2ubuntu0.4" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "haproxy", "binary_version": "1.6.3-1ubuntu0.1" }, { "binary_name": "haproxy-dbg", "binary_version": "1.6.3-1ubuntu0.1" }, { "binary_name": "haproxy-dbgsym", "binary_version": "1.6.3-1ubuntu0.1" }, { "binary_name": "haproxy-doc", "binary_version": "1.6.3-1ubuntu0.1" }, { "binary_name": "vim-haproxy", "binary_version": "1.6.3-1ubuntu0.1" } ] }