Parent Directory | Revision Log
Fixing bug reference in security advisories for squid mga#10516
1 | davidwhodgins | 221 | type: security |
2 | subject: Updated squid packages fix security vulnerabilities | ||
3 | CVE: | ||
4 | - CVE-2013-4115 | ||
5 | - CVE-2013-4123 | ||
6 | src: | ||
7 | 3: | ||
8 | core: | ||
9 | - squid-3.2.10-1.4.mga3 | ||
10 | description: | | ||
11 | Due to incorrect data validation Squid is vulnerable to a buffer overflow | ||
12 | attack when processing specially crafted HTTP requests. This problem allows | ||
13 | any trusted client or client script who can generate HTTP requests to trigger | ||
14 | a buffer overflow in Squid, resulting in a termination of the Squid service | ||
15 | (CVE-2013-4115). | ||
16 | |||
17 | Due to incorrect data validation Squid is vulnerable to a denial of service | ||
18 | attack when processing specially crafted HTTP requests. This problem allows | ||
19 | any client who can generate HTTP requests to perform a denial of service | ||
20 | attack on the Squid service (CVE-2013-4123). | ||
21 | |||
22 | Also, due to being renamed in Squid 3.2, the Squid external acl helpers for | ||
23 | matching against IP addresses and LDAP groups were not selected to be built | ||
24 | in the squid package for Mageia 3. | ||
25 | |||
26 | This has been corrected and these helpers are now included. Additionally, | ||
27 | the helpers for eDirectory IP address lookups and matching LDAP groups using | ||
28 | Kerberos credentials have also been included. | ||
29 | references: | ||
30 | davidwhodgins | 222 | - https://bugs.mageia.org/show_bug.cgi?id=10516 |
31 | davidwhodgins | 221 | - http://www.squid-cache.org/Advisories/SQUID-2013_2.txt |
32 | - http://www.squid-cache.org/Advisories/SQUID-2013_3.txt | ||
33 | - ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.2/squid-3.2.0.9-RELEASENOTES.html#ss2.4 | ||
34 | - http://www.squid-cache.org/Doc/man/ |
ViewVC Help | |
Powered by ViewVC 1.1.30 |