Overview
Security update for haproxy

This update for haproxy to version 2.0.10 fixes the following issues:

HAProxy was updated to 2.0.10

Security issues fixed:

- CVE-2019-18277: Fixed a potential HTTP smuggling in messages
with transfer-encoding header missing the "chunked" (bsc#1154980).
- Fixed an improper handling of headers which could have led to
injecting LFs in H2-to-H1 transfers creating new attack space (bsc#1157712)
- Fixed an issue where HEADER frames in idle streams are not rejected and
thus trying to decode them HAPrpxy crashes (bsc#1157714).

Other issue addressed:

- Macro change in the spec file (bsc#1082318)

More information regarding the release at:
http://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=ac198b92d461515551b95daae20954b3053ce87e

This update was imported from the SUSE:SLE-15:Update update project.

Fixed bugs
bnc#1154980
VUL-0: CVE-2019-18277: haproxy: HTTP smuggling in messages with transfer-encoding header missing the "chunked" value
bnc#1082318
Packages must not mark license files as %doc
bnc#1157714
VUL-0: EMBARGOED: haproxy: Crash by sending HEADER frames in idle streas
bnc#1157712
VUL-1: EMBARGOED: haproxy: Possibility of injecting LFs in H2-to-H1 transfers
CVE-2019-18277
Selected Binaries
openSUSE Build Service is sponsored by
Places