Ubuntu USN · USN-8459-1

HAProxy vulnerabilities

Published: Mon, 22 Jun 2026 13:55

CVE-2026-55204CVE-2026-55203

Summary

Several security issues were fixed in HAProxy.

Details

It was discovered that HAProxy incorrectly handled the FCGI demultiplexer record length field. A remote attacker could possibly use this issue to cause incorrect request routing, response smuggling, or other memory safety issues. (CVE-2026-55203) It was discovered that HAProxy failed to validate the return value of the HPACK dynamic table defragmentation function when memory was exhausted. A remote attacker could possibly use this issue to cause HAProxy to crash, resulting in a denial of service. (CVE-2026-55204)

Recommended actions per Ubuntu release

StackPatch playbook auto-generated per release codename and per affected package.

Ubuntu jammy

haproxy→2.4.30-0ubuntu0.22.04.2apt_upgrade
Standard apt upgrade. Install 2.4.30-0ubuntu0.22.04.2 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y haproxy
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
haproxy→2.4.30-0ubuntu0.22.04.2apt_upgrade
Standard apt upgrade. Install 2.4.30-0ubuntu0.22.04.2 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y haproxy
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
haproxy-doc→2.4.30-0ubuntu0.22.04.2apt_upgrade
Standard apt upgrade. Install 2.4.30-0ubuntu0.22.04.2 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y haproxy-doc
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
vim-haproxy→2.4.30-0ubuntu0.22.04.2apt_upgrade
Standard apt upgrade. Install 2.4.30-0ubuntu0.22.04.2 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y vim-haproxy
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu noble

haproxy→2.8.16-0ubuntu0.24.04.3apt_upgrade
Standard apt upgrade. Install 2.8.16-0ubuntu0.24.04.3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y haproxy
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
haproxy→2.8.16-0ubuntu0.24.04.3apt_upgrade
Standard apt upgrade. Install 2.8.16-0ubuntu0.24.04.3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y haproxy
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
haproxy-doc→2.8.16-0ubuntu0.24.04.3apt_upgrade
Standard apt upgrade. Install 2.8.16-0ubuntu0.24.04.3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y haproxy-doc
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
vim-haproxy→2.8.16-0ubuntu0.24.04.3apt_upgrade
Standard apt upgrade. Install 2.8.16-0ubuntu0.24.04.3 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y vim-haproxy
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu questing

haproxy→3.0.12-0ubuntu0.25.10.5apt_upgrade
Standard apt upgrade. Install 3.0.12-0ubuntu0.25.10.5 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y haproxy
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
haproxy→3.0.12-0ubuntu0.25.10.5apt_upgrade
Standard apt upgrade. Install 3.0.12-0ubuntu0.25.10.5 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y haproxy
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
haproxy-doc→3.0.12-0ubuntu0.25.10.5apt_upgrade
Standard apt upgrade. Install 3.0.12-0ubuntu0.25.10.5 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y haproxy-doc
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
vim-haproxy→3.0.12-0ubuntu0.25.10.5apt_upgrade
Standard apt upgrade. Install 3.0.12-0ubuntu0.25.10.5 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y vim-haproxy
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu resolute

haproxy→3.2.9-1ubuntu2.2apt_upgrade
Standard apt upgrade. Install 3.2.9-1ubuntu2.2 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y haproxy
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
haproxy→3.2.9-1ubuntu2.2apt_upgrade
Standard apt upgrade. Install 3.2.9-1ubuntu2.2 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y haproxy
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
haproxy-doc→3.2.9-1ubuntu2.2apt_upgrade
Standard apt upgrade. Install 3.2.9-1ubuntu2.2 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y haproxy-doc
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
vim-haproxy→3.2.9-1ubuntu2.2apt_upgrade
Standard apt upgrade. Install 3.2.9-1ubuntu2.2 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y vim-haproxy
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Are YOU affected by USN-8459-1?

5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8459-1 (and any other live CVE) applies. Anonymous, no signup.

curl https://mindsparkstack.com/scan.sh | bash

Form-based quickscan Read the bash source first

Want this automated for your servers?

StackPatch runs this match against YOUR installed packages every hour

Free (3 servers) / from $9/mo (14-day free trial) / Solo $9/mo / Pro $29/mo / Team $79/mo. Indie pricing.

Start free trial →See StackPatch →Live audit log →