UbuntuUpdates.org

Package "haproxy-doc"

Name: haproxy-doc

Description:

fast and reliable load balancing reverse proxy (HTML documentation)

Latest version: 3.0.12-0ubuntu0.25.10.5
Release: questing (25.10)
Level: security
Repository: universe
Head package: haproxy
Homepage: http://www.haproxy.org/

Links


Download "haproxy-doc"


Other versions of "haproxy-doc" in Questing

Repository Area Version
base universe 3.0.10-1ubuntu3
updates universe 3.0.12-0ubuntu0.25.10.5

Changelog

Version: 3.0.12-0ubuntu0.25.10.5 2026-06-22 19:07:51 UTC

  haproxy (3.0.12-0ubuntu0.25.10.5) questing-security; urgency=medium

  * SECURITY UPDATE: overflow in FCGI demux record length field
    - debian/patches/CVE-2026-55203.patch: mux-fcgi: fix uint16_t overflow in
      drl += drp in src/mux_fcgi.c.
    - CVE-2026-55203
  * SECURITY UPDATE: NULL dereference in hpack_dht_insert()
    - debian/patches/CVE-2026-55204.patch: hpack-tbl: add missing NULL check
      after hpack_dht_defrag() in src/hpack-tbl.c.
    - CVE-2026-55204

 -- Marc Deslauriers <email address hidden> Fri, 19 Jun 2026 11:03:40 -0400

Source diff to previous version
CVE-2026-55203 HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer
CVE-2026-55204 HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that

Version: 3.0.12-0ubuntu0.25.10.4 2026-04-27 13:11:06 UTC

  haproxy (3.0.12-0ubuntu0.25.10.4) questing-security; urgency=medium

  * SECURITY UPDATE: HTTP/3 parser request smuggling issue
    - debian/patches/CVE-2026-33555.patch: check body size with
      content-length on empty FIN in src/h3.c.
    - CVE-2026-33555

 -- Marc Deslauriers <email address hidden> Wed, 15 Apr 2026 14:02:22 -0400

Source diff to previous version
CVE-2026-33555 An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced conten

Version: 3.0.12-0ubuntu0.25.10.3 2026-02-12 20:07:59 UTC

  haproxy (3.0.12-0ubuntu0.25.10.3) questing-security; urgency=medium

  * SECURITY UPDATE: crash via INITIAL packet for the NEW_TOKEN format
    - debian/patches/quic-reject-invalid-token.patch: reject invalid token
      in src/quic_token.c.
    - CVE-2026-26081

 -- Marc Deslauriers <email address hidden> Tue, 10 Feb 2026 07:50:15 -0500

CVE-2026-26081 BUG/MAJOR: quic: reject invalid token



About   -   Send Feedback to @ubuntu_updates