/[advisories]/10516.mga3.adv
ViewVC logotype

Annotation of /10516.mga3.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 251 - (hide annotations) (download)
Sun Jul 21 20:18:31 2013 UTC (7 years, 3 months ago) by tmb
File size: 1520 byte(s)
MGASA-2013-0228: squid-3.2.10-1.4.mga3
1 davidwhodgins 221 type: security
2     subject: Updated squid packages fix security vulnerabilities
3     CVE:
4     - CVE-2013-4115
5     - CVE-2013-4123
6     src:
7     3:
8     core:
9     - squid-3.2.10-1.4.mga3
10     description: |
11     Due to incorrect data validation Squid is vulnerable to a buffer overflow
12     attack when processing specially crafted HTTP requests. This problem allows
13     any trusted client or client script who can generate HTTP requests to trigger
14     a buffer overflow in Squid, resulting in a termination of the Squid service
15     (CVE-2013-4115).
16    
17     Due to incorrect data validation Squid is vulnerable to a denial of service
18     attack when processing specially crafted HTTP requests. This problem allows
19     any client who can generate HTTP requests to perform a denial of service
20     attack on the Squid service (CVE-2013-4123).
21    
22     Also, due to being renamed in Squid 3.2, the Squid external acl helpers for
23     matching against IP addresses and LDAP groups were not selected to be built
24     in the squid package for Mageia 3.
25    
26     This has been corrected and these helpers are now included. Additionally,
27     the helpers for eDirectory IP address lookups and matching LDAP groups using
28     Kerberos credentials have also been included.
29     references:
30 davidwhodgins 222 - https://bugs.mageia.org/show_bug.cgi?id=10516
31 davidwhodgins 221 - http://www.squid-cache.org/Advisories/SQUID-2013_2.txt
32     - http://www.squid-cache.org/Advisories/SQUID-2013_3.txt
33     - ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.2/squid-3.2.0.9-RELEASENOTES.html#ss2.4
34     - http://www.squid-cache.org/Doc/man/
35 tmb 251 ID: MGASA-2013-0228

  ViewVC Help
Powered by ViewVC 1.1.28