CVE-2014-6269 | Ubuntu

Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
haproxy	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not affected
	10.04 LTS lucid	Not affected

How can I get the fixes?
What do statuses mean?
Patch details

Notes

jdstrand

per upstream only 1.5-dev23 and higher

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
haproxy	Other: http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=b4d05093bc89f71377230228007e69a1434c1a0c

References

MITRE
NVD
Launchpad
Debian

Other references

http://article.gmane.org/gmane.comp.web.haproxy/17726
http://article.gmane.org/gmane.comp.web.haproxy/18097
https://www.cve.org/CVERecord?id=CVE-2014-6269