SUSE-SU-2015:1776-1: moderate: Security update for haproxy

sle-security-updates at sle-security-updates at
Mon Oct 19 02:10:26 MDT 2015

   SUSE Security Update: Security update for haproxy

Announcement ID:    SUSE-SU-2015:1776-1
Rating:             moderate
References:         #937042 #937202 #947204 
Cross-References:   CVE-2015-3281
Affected Products:
                    SUSE OpenStack Cloud 5

   An update that solves one vulnerability and has two fixes
   is now available.


   haxproy was updated to backport various security fixes and related patches
   (bsc#937202) (bsc#937042) (CVE-2015-3281)

   + BUG/MAJOR: buffers: make the buffer_slow_realign() function respect
     output data
   + BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id
   + MEDIUM: ssl: replace standards DH groups with custom ones
   + BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten
   + MINOR: ssl: add a destructor to free allocated SSL ressources
   + BUG/MINOR: ssl: Display correct filename in error message
   + MINOR: ssl: load certificates in alphabetical order
   + BUG/MEDIUM: checks: fix conflicts between agent checks and ssl
   + BUG/MEDIUM: ssl: force a full GC in case of memory shortage
   + BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of
   + BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates
   + MINOR: ssl: add statement to force some ssl options in global.
   + MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER
     formatted certs

   Also the init script was fixed for the haproxy status checks (bsc#947204)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:

      zypper in -t patch sleclo50sp3-haproxy-12142=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 5 (x86_64):



More information about the sle-security-updates mailing list