Test ID:	1.3.6.1.4.1.25623.1.0.702711
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2711-1)
Summary:	The remote host is missing an update for the Debian 'haproxy' package(s) announced via the DSA-2711-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'haproxy' package(s) announced via the DSA-2711-1 advisory. Vulnerability Insight: Multiple security issues have been found in HAProxy, a load-balancing reverse proxy: CVE-2012-2942 Buffer overflow in the header capture code. CVE-2013-1912 Buffer overflow in the HTTP keepalive code. CVE-2013-2175 Denial of service in parsing HTTP headers. For the oldstable distribution (squeeze), these problems have been fixed in version 1.4.8-1+squeeze1. The stable distribution (wheezy) doesn't contain haproxy. For the unstable distribution (sid), these problems have been fixed in version 1.4.24-1. We recommend that you upgrade your haproxy packages. Affected Software/OS: 'haproxy' package(s) on Debian 6. Solution: Please install the updated package(s). CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2942 BugTraq ID: 53647 http://www.securityfocus.com/bid/53647 Debian Security Information: DSA-2711 (Google Search) http://www.debian.org/security/2013/dsa-2711 http://security.gentoo.org/glsa/glsa-201301-02.xml http://www.openwall.com/lists/oss-security/2012/05/23/12 http://www.openwall.com/lists/oss-security/2012/05/23/15 http://www.openwall.com/lists/oss-security/2012/05/28/1 http://secunia.com/advisories/49261 http://www.ubuntu.com/usn/USN-1800-1 XForce ISS Database: haproxy-trash-bo(75777) https://exchange.xforce.ibmcloud.com/vulnerabilities/75777 Common Vulnerability Exposure (CVE) ID: CVE-2013-1912 BugTraq ID: 58820 http://www.securityfocus.com/bid/58820 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103730.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103770.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103794.html http://www.openwall.com/lists/oss-security/2013/04/03/1 RedHat Security Advisories: RHSA-2013:0729 http://rhn.redhat.com/errata/RHSA-2013-0729.html RedHat Security Advisories: RHSA-2013:0868 http://rhn.redhat.com/errata/RHSA-2013-0868.html http://secunia.com/advisories/52725 Common Vulnerability Exposure (CVE) ID: CVE-2013-2175 54344 http://secunia.com/advisories/54344 DSA-2711 RHSA-2013:1120 http://rhn.redhat.com/errata/RHSA-2013-1120.html RHSA-2013:1204 http://rhn.redhat.com/errata/RHSA-2013-1204.html USN-1889-1 http://www.ubuntu.com/usn/USN-1889-1 [haproxy] 20130617 [ANNOUNCE] haproxy-1.5-dev19 and 1.4.24 (security update) http://marc.info/?l=haproxy&m=137147915029705&w=2 https://bugzilla.redhat.com/show_bug.cgi?id=974259
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.