USN-6530-1: HAProxy vulnerability
5 December 2023
HAProxy could be made to expose sensitive information.
Releases
Packages
- haproxy - fast and reliable load balancing reverse proxy
Details
It was discovered that HAProxy incorrectly handled URI components
containing the hash character (#). A remote attacker could possibly use
this issue to obtain sensitive information, or to bypass certain path_end
rules.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.04
Ubuntu 22.04
Ubuntu 20.04
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-6530-2: haproxy, haproxy-doc, vim-haproxy