Parent Directory
| 
Revision Log
MGASA-2013-0228: squid-3.2.10-1.4.mga3
| 1 | type: security |
| 2 | subject: Updated squid packages fix security vulnerabilities |
| 3 | CVE: |
| 4 | - CVE-2013-4115 |
| 5 | - CVE-2013-4123 |
| 6 | src: |
| 7 | 3: |
| 8 | core: |
| 9 | - squid-3.2.10-1.4.mga3 |
| 10 | description: | |
| 11 | Due to incorrect data validation Squid is vulnerable to a buffer overflow |
| 12 | attack when processing specially crafted HTTP requests. This problem allows |
| 13 | any trusted client or client script who can generate HTTP requests to trigger |
| 14 | a buffer overflow in Squid, resulting in a termination of the Squid service |
| 15 | (CVE-2013-4115). |
| 16 | |
| 17 | Due to incorrect data validation Squid is vulnerable to a denial of service |
| 18 | attack when processing specially crafted HTTP requests. This problem allows |
| 19 | any client who can generate HTTP requests to perform a denial of service |
| 20 | attack on the Squid service (CVE-2013-4123). |
| 21 | |
| 22 | Also, due to being renamed in Squid 3.2, the Squid external acl helpers for |
| 23 | matching against IP addresses and LDAP groups were not selected to be built |
| 24 | in the squid package for Mageia 3. |
| 25 | |
| 26 | This has been corrected and these helpers are now included. Additionally, |
| 27 | the helpers for eDirectory IP address lookups and matching LDAP groups using |
| 28 | Kerberos credentials have also been included. |
| 29 | references: |
| 30 | - https://bugs.mageia.org/show_bug.cgi?id=10516 |
| 31 | - http://www.squid-cache.org/Advisories/SQUID-2013_2.txt |
| 32 | - http://www.squid-cache.org/Advisories/SQUID-2013_3.txt |
| 33 | - ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.2/squid-3.2.0.9-RELEASENOTES.html#ss2.4 |
| 34 | - http://www.squid-cache.org/Doc/man/ |
| 35 | ID: MGASA-2013-0228 |
| ViewVC Help | |
| Powered by ViewVC 1.1.30 |