Gnoppix Security Update Patches Critical HAProxy Vulnerability
GSA-6291-1 addresses a critical security flaw in HAProxy, a TCP and HTTP proxy server. On systems running Gnoppix 23/25 and Gnoppix 25, a remote attacker can trigger a denial of service via a specially crafted HTTP request.
The vulnerability relates to improper handling of certain HTTP headers. This can cause the HAProxy process to crash, leading to service disruption.
Impact: A successful exploit allows an unauthenticated attacker to crash HAProxy remotely.
Affected versions include HAProxy packages on Gnoppix stable releases. The issue requires immediate patching.
Resolution involves updating the HAProxy package to the corrected version.
How to update
Run a standard system update to apply the fix. No reboot is required after the update.
Background details
The flaw was discovered during internal code review. No active exploits have been reported in the wild. - Please update your systems.