Bug #9962
closed
HAproxy Upgrade needed HTTP/2 CVE-2019-19330
100%
Description
[https://nvd.nist.gov/vuln/detail/CVE-2019-19330]
Haproxy 1.8 needs to be updated to 1.8.23 (RD: 2019/11/25) from 1.8.21 [https://www.haproxy.org/download/1.8/src/CHANGELOG]
Haproxy 2.0 needs to be updated to 2.0.10 (RD: 2019/11/25) from 2.0.7 [https://www.haproxy.org/download/2.0/src/CHANGELOG]
Commits with fix:
[https://git.haproxy.org/?p=haproxy.git;a=commit;h=146f53ae7e97dbfe496d0445c2802dd0a30b0878]
[https://git.haproxy.org/?p=haproxy.git;a=commit;h=54f53ef7ce4102be596130b44c768d1818570344]
[https://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=ac198b92d461515551b95daae20954b3053ce87e]
Updated by Jim Pingle over 4 years ago
- Assignee set to Renato Botelho
- Affected Architecture All added
- Affected Architecture deleted ()
The new versions are in the ports tree in master, but need to be picked back to devel, RELENG_2_4_4, and RELENG_2_4_5
Updated by Renato Botelho over 4 years ago
- Status changed from New to In Progress
Updated by Renato Botelho over 4 years ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
2.0.10 / 1.8.23 and 1.7.12 were pushed to proper branches
Updated by DRago_Angel [InV@DER] over 4 years ago
Renato Botelho wrote:
2.0.10 / 1.8.23 and 1.7.12 were pushed to proper branches
Thanks, how can I trigger the upgrade, or do I need to wait? Currently my pfSense does not see them.
Updated by Jim Pingle over 4 years ago
The packages will show up on 2.4.4 immediately, they are already there:
: pkg search haproxy
haproxy17-1.7.12 Reliable, high performance TCP/HTTP load balancer
haproxy18-1.8.23 Reliable, high performance TCP/HTTP load balancer
pfSense-pkg-haproxy-0.59_21 pfSense package haproxy
pfSense-pkg-haproxy-devel-0.59_22 pfSense package haproxy-devel
For 2.4.5 and 2.5.0, the packages will be available when the next snapshot build completes.
Updated by Viktor Gurov over 4 years ago
Jim Pingle wrote:
The packages will show up on 2.4.4 immediately, they are already there:
[...]
For 2.4.5 and 2.5.0, the packages will be available when the next snapshot build completes.
2.4.5.a.20191220.1407 and 2.5.0.a.20191220.1354 result:
: pkg search haproxy
haproxy-2.0.10 Reliable, high performance TCP/HTTP load balancer
haproxy18-1.8.23 Reliable, high performance TCP/HTTP load balancer
pfSense-pkg-haproxy-0.60_2 pfSense package haproxy
pfSense-pkg-haproxy-devel-0.60_2 pfSense package haproxy-devel