CVE-2015-3281

Publication date 6 July 2015

Last updated 24 July 2024

Ubuntu priority

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
haproxy	15.04 vivid	Fixed 1.5.10-1ubuntu0.1
	14.10 utopic	Fixed 1.5.4-1ubuntu2.1
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not affected

How can I get the fixes?
What do statuses mean?
Patch details

Notes

mdeslaur

1.5.x+ only

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
haproxy	Upstream: http://git.haproxy.org/?p=haproxy-1.5.git;a=commit;h=7ec765568883b2d4e5a2796adbeb492a22ec9bd4

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2668-1
HAProxy vulnerability
7 July 2015

Other references

http://www.haproxy.org/news.html
http://www.debian.org/security/2015/dsa-3301
https://www.cve.org/CVERecord?id=CVE-2015-3281