Ubuntu alert USN-8208-1 (haproxy)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8208-1] HAProxy vulnerability | |
| Date: | Mon, 27 Apr 2026 13:38:10 +0000 | |
| Message-ID: | <E1wHMA6-0003iD-Jb@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8208-1 April 27, 2026 haproxy vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS Summary: HAProxy could be made to expose sensitive information over the network. Software Description: - haproxy: fast and reliable load balancing reverse proxy Details: Martino Spagnuolo discovered that HAProxy did not check received body lengths in the HTTP/3 parser. A remote attacker could possibly use this issue to perform a request smuggling attack and obtain sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 haproxy 3.0.12-0ubuntu0.25.10.4 Ubuntu 24.04 LTS haproxy 2.8.16-0ubuntu0.24.04.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8208-1 CVE-2026-33555 Package Information: https://launchpad.net/ubuntu/+source/haproxy/3.0.12-0ubun... https://launchpad.net/ubuntu/+source/haproxy/2.8.16-0ubun...
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmnvXYUACgkQcpJm3tlz hgEOFg/8Dro8qiQ6zihj+Tn41M8sxpdEQhL9urUy94H3m4iP1Uin2lBeWSOd04uN OVYjApjCMZCyxB22e60aNdpP9eN+qIPMsXqDiYDqFTplHpPkdgf6buIBNdx+Ljf+ q7sWOTbFkvZ2Pv+kri/PWQoH6PhsPcIZ5ZRkeUwqeTk46QN2Qg43bHqJmcUCcjk+ go6SKwFmJQVeVLRcmtnUAfEapH0BRd2zZoSH039Qn8RlQDPTWXclm4c8JBis+UHg mm1FuPxayxlkr0RPkP8coqXkEZzy9BJ2m52AShQ4Sk4p7Zy1r5kY2KG/PTClYXU4 7hAbr1ITDJk9eHqw91zJGn6rMrDv6LY5IkFZe+45rt5R2awMcmKaEg5CTNpEY+Do z3u8mjp/TLVGqC7TAk/O9P90otbmLC4hURzrsa4jpAxO7anPzbKIRFJrf8DkNdoK j5+TdDOFuxANdZe+TsqBfMsjLvxyGekDRg0FXuBkbE7akiK13bKAZWd6GIbTgEDl cZzR4rgwROlkwAjhqLGM5eVXOVupu+oDNOltmKUBg9TuMO7m0Eqv5vkGf4D2cIaQ 0tIx5DEsFpz5PK/ki5IfoJf5P1pT0ECiMHB6i4A8VLnB9GBOf4z2kipOVgKlVsK2 8YYTlrNXD5cKpyS8dBT/qZMN0F/ON3gsj0Hh/cAbembk/JVVrtY= =se3Q -----END PGP SIGNATURE-----