MGASA-2013-0228: squid-3.2.10-1.4.mga3
type: security
subject: Updated squid packages fix security vulnerabilities
CVE:
 - CVE-2013-4115
 - CVE-2013-4123
src:
  3:
   core:
     - squid-3.2.10-1.4.mga3
description: |
  Due to incorrect data validation Squid is vulnerable to a buffer overflow
  attack when processing specially crafted HTTP requests. This problem allows
  any trusted client or client script who can generate HTTP requests to trigger
  a buffer overflow in Squid, resulting in a termination of the Squid service
  (CVE-2013-4115).

  Due to incorrect data validation Squid is vulnerable to a denial of service
  attack when processing specially crafted HTTP requests. This problem allows
  any client who can generate HTTP requests to perform a denial of service
  attack on the Squid service (CVE-2013-4123).

  Also, due to being renamed in Squid 3.2, the Squid external acl helpers for
  matching against IP addresses and LDAP groups were not selected to be built
  in the squid package for Mageia 3.

  This has been corrected and these helpers are now included. Additionally,
  the helpers for eDirectory IP address lookups and matching LDAP groups using
  Kerberos credentials have also been included.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=10516
 - http://www.squid-cache.org/Advisories/SQUID-2013_2.txt
 - http://www.squid-cache.org/Advisories/SQUID-2013_3.txt
 - ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.2/squid-3.2.0.9-RELEASENOTES.html#ss2.4
 - http://www.squid-cache.org/Doc/man/
ID: MGASA-2013-0228