FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

HAProxy -- serious vulnerability affecting the HPACK decoder used for HTTP/2

Affected packages
2.0.0 <= haproxy < 2.0.14
1.8.0 <= haproxy18 < 1.8.25
1.9.0 <= haproxy19 < 1.9.15
2.1.0 <= haproxy21 < 2.1.4

Details

VuXML ID 7f829d44-7509-11ea-b47c-589cfc0f81b0
Discovery 2020-04-02
Entry 2020-04-02

The HAProxy Project reports:

The main driver for this release is that it contains a fix for a serious vulnerability that was responsibly reported last week by Felix Wilhelm from Google Project Zero, affecting the HPACK decoder used for HTTP/2. CVE-2020-11100 was assigned to this issue.

References

CVE Name CVE-2020-11100
URL https://www.mail-archive.com/haproxy@formilux.org/msg36876.html
URL https://www.mail-archive.com/haproxy@formilux.org/msg36877.html
URL https://www.mail-archive.com/haproxy@formilux.org/msg36878.html
URL https://www.mail-archive.com/haproxy@formilux.org/msg36879.html