|
|
Log in / Subscribe / Register

Fedora alert FEDORA-2026-d790d66a08 (haproxy)



From:
              updates--- via package-announce <package-announce@lists.fedoraproject.org>


To:
              package-announce@lists.fedoraproject.org


Subject:
              [SECURITY] Fedora 42 Update: haproxy-3.0.23-2.fc42


Date:
              Wed, 27 May 2026 01:12:33 +0000


Message-ID:
              <20260527011233.48BF06FECD@bastion01.rdu3.fedoraproject.org>


Archive-link:
              Article


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d790d66a08
2026-05-27 01:11:26.838882+00:00
--------------------------------------------------------------------------------

Name        : haproxy
Product     : Fedora 42
Version     : 3.0.23
Release     : 2.fc42
URL         : https://www.haproxy.org/
Summary     : Reliable, high-performance TCP/HTTP load-balancing reverse proxy
Description :
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
availability environments. Indeed, it can:
 - route HTTP requests depending on statically assigned cookies
 - spread load among several servers while assuring server persistence
   through the use of HTTP cookies
 - switch to backup servers in the event a main one fails
 - accept connections to special ports dedicated to service monitoring
 - stop accepting connections without breaking existing ones
 - add, modify, and delete HTTP headers in both directions
 - block requests matching particular patterns
 - report detailed status to authenticated users from a URI intercepted
   from the application

--------------------------------------------------------------------------------
Update Information:

Upgrade to 3.0.23 (see https://www.haproxy.org/download/3.0/src/CHANGELOG for
full upstream changelog)
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 18 2026 Robert Scheck <robert@fedoraproject.org> - 3.0.23-2
- Revert to permissions 0755 for root:root on /var/lib/haproxy
* Sat May 16 2026 Robert Scheck <robert@fedoraproject.org> - 3.0.23-1
- Upgrade to 3.0.23
- Spec file cleanup and modernization (thanks to Xose Vazquez Perez)
* Thu Apr 16 2026 Tom Callaway <spot@fedoraproject.org> - 3.0.19-1
- update to 3.0.19
* Tue Mar  3 2026 Tom Callaway <spot@fedoraproject.org> - 3.0.17-1
- update to 3.0.17, lua 5.5
* Fri Jan 16 2026 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Jul 24 2025 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sat Feb  1 2025 Björn Esser <besser82@fedoraproject.org> - 3.0.5-3
- Add explicit BR: libxcrypt-devel
* Fri Jan 17 2025 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2413003 - CVE-2025-11230 haproxy: denial of service vulnerability in HAProxy mjson
library
        https://bugzilla.redhat.com/show_bug.cgi?id=2413003
  [ 2 ] Bug #2457920 - CVE-2026-33555 haproxy: HAProxy: Request smuggling via HTTP/3 parser
desynchronization
        https://bugzilla.redhat.com/show_bug.cgi?id=2457920
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d790d66a08' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





Attachment: None (type=text/plain)

-- 
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds