Source: haproxy Version: 1.8.14-1 Severity: important Tags: patch security upstream
Hi, The following vulnerability was published for haproxy. CVE-2018-20103[0]: | An issue was discovered in dns.c in HAProxy through 1.8.14. In the case | of a compressed pointer, a crafted packet can trigger infinite | recursion by making the pointer point to itself, or create a long chain | of valid pointers resulting in stack exhaustion. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-20103 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20103 [1] http://git.haproxy.org/?p=haproxy.git;a=commit;h=58df5aea0a0c926b2238f65908f5e9f83d1cca25 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
