SUSE-SU-2015:1776-1: moderate: Security update for haproxy

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Oct 19 02:10:26 MDT 2015 

   SUSE Security Update: Security update for haproxy
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1776-1
Rating:             moderate
References:         #937042 #937202 #947204 
Cross-References:   CVE-2015-3281
Affected Products:
                    SUSE OpenStack Cloud 5
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes
   is now available.

Description:


   haxproy was updated to backport various security fixes and related patches
   (bsc#937202) (bsc#937042) (CVE-2015-3281)

   + BUG/MAJOR: buffers: make the buffer_slow_realign() function respect
     output data
   + BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id
   + MEDIUM: ssl: replace standards DH groups with custom ones
   + BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten
   + MINOR: ssl: add a destructor to free allocated SSL ressources
   + BUG/MINOR: ssl: Display correct filename in error message
   + MINOR: ssl: load certificates in alphabetical order
   + BUG/MEDIUM: checks: fix conflicts between agent checks and ssl
     healthchecks
   + BUG/MEDIUM: ssl: force a full GC in case of memory shortage
   + BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of
     OOM.
   + BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates
   + MINOR: ssl: add statement to force some ssl options in global.
   + MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER
     formatted certs

   Also the init script was fixed for the haproxy status checks (bsc#947204)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:

      zypper in -t patch sleclo50sp3-haproxy-12142=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE OpenStack Cloud 5 (x86_64):

      haproxy-1.5.4-12.1


References:

   https://www.suse.com/security/cve/CVE-2015-3281.html
   https://bugzilla.suse.com/937042
   https://bugzilla.suse.com/937202
   https://bugzilla.suse.com/947204

More information about the sle-security-updates mailing list