An update for haproxy is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2794 Final 1.0 1.0 2026-06-24 Initial 2026-06-24 2026-06-24 openEuler SA Tool V1.0 2026-06-24 haproxy security update An update for haproxy is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3 HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fix(es): HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record consumption and allowing malicious FastCGI backends to desynchronize the FCGI framing parser, potentially causing request routing errors, response smuggling, or memory safety issues.(CVE-2026-55203) HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag() when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memory pressure to dereference a NULL pointer and crash HAProxy worker processes, causing denial of service.(CVE-2026-55204) An update for haproxy is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High haproxy https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2794 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-55203 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-55204 https://nvd.nist.gov/vuln/detail/CVE-2026-55203 https://nvd.nist.gov/vuln/detail/CVE-2026-55204 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 haproxy-2.2.16-10.oe2003sp4.aarch64.rpm haproxy-debuginfo-2.2.16-10.oe2003sp4.aarch64.rpm haproxy-debugsource-2.2.16-10.oe2003sp4.aarch64.rpm haproxy-2.6.6-20.oe2203sp4.aarch64.rpm haproxy-debuginfo-2.6.6-20.oe2203sp4.aarch64.rpm haproxy-debugsource-2.6.6-20.oe2203sp4.aarch64.rpm haproxy-2.9.5-14.oe2403sp1.aarch64.rpm haproxy-debuginfo-2.9.5-14.oe2403sp1.aarch64.rpm haproxy-debugsource-2.9.5-14.oe2403sp1.aarch64.rpm haproxy-3.0.11-3.oe2403sp3.aarch64.rpm haproxy-debuginfo-3.0.11-3.oe2403sp3.aarch64.rpm haproxy-debugsource-3.0.11-3.oe2403sp3.aarch64.rpm haproxy-2.2.16-10.oe2003sp4.src.rpm haproxy-2.6.6-20.oe2203sp4.src.rpm haproxy-2.9.5-14.oe2403sp1.src.rpm haproxy-3.0.11-3.oe2403sp3.src.rpm haproxy-2.2.16-10.oe2003sp4.x86_64.rpm haproxy-debuginfo-2.2.16-10.oe2003sp4.x86_64.rpm haproxy-debugsource-2.2.16-10.oe2003sp4.x86_64.rpm haproxy-2.6.6-20.oe2203sp4.x86_64.rpm haproxy-debuginfo-2.6.6-20.oe2203sp4.x86_64.rpm haproxy-debugsource-2.6.6-20.oe2203sp4.x86_64.rpm haproxy-2.9.5-14.oe2403sp1.x86_64.rpm haproxy-debuginfo-2.9.5-14.oe2403sp1.x86_64.rpm haproxy-debugsource-2.9.5-14.oe2403sp1.x86_64.rpm haproxy-3.0.11-3.oe2403sp3.x86_64.rpm haproxy-debuginfo-3.0.11-3.oe2403sp3.x86_64.rpm haproxy-debugsource-3.0.11-3.oe2403sp3.x86_64.rpm haproxy-help-2.2.16-10.oe2003sp4.noarch.rpm haproxy-help-2.6.6-20.oe2203sp4.noarch.rpm haproxy-help-2.9.5-14.oe2403sp1.noarch.rpm haproxy-help-3.0.11-3.oe2403sp3.noarch.rpm HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record consumption and allowing malicious FastCGI backends to desynchronize the FCGI framing parser, potentially causing request routing errors, response smuggling, or memory safety issues. 2026-06-24 CVE-2026-55203 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 High 7.5 AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N haproxy security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2794 HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag() when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memory pressure to dereference a NULL pointer and crash HAProxy worker processes, causing denial of service. 2026-06-24 CVE-2026-55204 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H haproxy security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2794