Parent Directory
| 
Revision Log
Fixing bug reference in security advisories for squid mga#10516
| 1 | davidwhodgins | 221 | type: security |
| 2 | subject: Updated squid packages fix security vulnerabilities | ||
| 3 | CVE: | ||
| 4 | - CVE-2013-4115 | ||
| 5 | - CVE-2013-4123 | ||
| 6 | src: | ||
| 7 | 3: | ||
| 8 | core: | ||
| 9 | - squid-3.2.10-1.4.mga3 | ||
| 10 | description: | | ||
| 11 | Due to incorrect data validation Squid is vulnerable to a buffer overflow | ||
| 12 | attack when processing specially crafted HTTP requests. This problem allows | ||
| 13 | any trusted client or client script who can generate HTTP requests to trigger | ||
| 14 | a buffer overflow in Squid, resulting in a termination of the Squid service | ||
| 15 | (CVE-2013-4115). | ||
| 16 | |||
| 17 | Due to incorrect data validation Squid is vulnerable to a denial of service | ||
| 18 | attack when processing specially crafted HTTP requests. This problem allows | ||
| 19 | any client who can generate HTTP requests to perform a denial of service | ||
| 20 | attack on the Squid service (CVE-2013-4123). | ||
| 21 | |||
| 22 | Also, due to being renamed in Squid 3.2, the Squid external acl helpers for | ||
| 23 | matching against IP addresses and LDAP groups were not selected to be built | ||
| 24 | in the squid package for Mageia 3. | ||
| 25 | |||
| 26 | This has been corrected and these helpers are now included. Additionally, | ||
| 27 | the helpers for eDirectory IP address lookups and matching LDAP groups using | ||
| 28 | Kerberos credentials have also been included. | ||
| 29 | references: | ||
| 30 | davidwhodgins | 222 | - https://bugs.mageia.org/show_bug.cgi?id=10516 |
| 31 | davidwhodgins | 221 | - http://www.squid-cache.org/Advisories/SQUID-2013_2.txt |
| 32 | - http://www.squid-cache.org/Advisories/SQUID-2013_3.txt | ||
| 33 | - ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.2/squid-3.2.0.9-RELEASENOTES.html#ss2.4 | ||
| 34 | - http://www.squid-cache.org/Doc/man/ |
| ViewVC Help | |
| Powered by ViewVC 1.1.30 |