Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2014:1148
HistorySep 03, 2014 - 11:16 p.m.

squid security update

2014-09-0323:16:08
CentOS Project
lists.centos.org
50

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.962 High

EPSS

Percentile

99.5%

JSON

CentOS Errata and Security Advisory CESA-2014:1148

Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

A flaw was found in the way Squid handled malformed HTTP Range headers.
A remote attacker able to send HTTP requests to the Squid proxy could use
this flaw to crash Squid. (CVE-2014-3609)

A buffer overflow flaw was found in Squid’s DNS lookup module. A remote
attacker able to send HTTP requests to the Squid proxy could use this flaw
to crash Squid. (CVE-2013-4115)

Red Hat would like to thank the Squid project for reporting the
CVE-2014-3609 issue. Upstream acknowledges Matthew Daley as the original
reporter.

All Squid users are advised to upgrade to this updated package, which
contains backported patches to correct these issues. After installing this
update, the squid service will be restarted automatically.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-September/082696.html
https://lists.centos.org/pipermail/centos-announce/2014-September/082699.html

Affected packages:
squid

Upstream details at:
https://access.redhat.com/errata/RHSA-2014:1148

Related

nessus 33
openvas 36
redhat 2
oraclelinux 2
amazon 2
fedora 8
prion 2
cve 2
securityvulns 4
debiancve 2
checkpoint_advisories 2
veracode 2
ubuntucve 2
mageia 3
debian 6
osv 3
ubuntu 1
suse 3
centos 1
gentoo 1
nessus
nessus
Oracle Linux 5 / 6 : squid (ELSA-2014-1148)
2014-09-04 00:00:00
RHEL 5 / 6 : squid (RHSA-2014:1148)
2014-09-04 00:00:00
Scientific Linux Security Update : squid on SL5.x, SL6.x i386/x86_64 (20140903)
2014-09-05 00:00:00
openvas
openvas
RedHat Update for squid RHSA-2014:1148-01
2014-09-04 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-411)
2015-09-08 00:00:00
CentOS Update for squid CESA-2014:1148 centos5
2014-09-04 00:00:00
redhat
redhat
(RHSA-2014:1148) Important: squid security update
2014-09-03 00:00:00
(RHSA-2014:1147) Important: squid security update
2014-09-03 00:00:00
oraclelinux
oraclelinux
squid security update
2014-09-03 00:00:00
squid security update
2014-09-03 00:00:00
amazon
amazon
Important: squid
2014-09-17 21:47:00
Important: squid
2014-10-22 20:04:00
fedora
fedora
[SECURITY] Fedora 19 Update: squid-3.3.13-1.fc19
2014-09-10 13:25:50
[SECURITY] Fedora 19 Update: squid-3.3.13-2.fc19
2014-10-14 04:40:30
[SECURITY] Fedora 20 Update: squid-3.3.13-1.fc20
2014-09-05 22:21:00
prion
prion
Buffer overflow
2013-08-09 22:55:00
Design/Logic Flaw
2014-09-11 18:55:00
cve
cve
CVE-2013-4115
2013-08-09 22:55:00
CVE-2014-3609
2014-09-11 18:55:00
securityvulns
securityvulns
[ MDVSA-2013:199 ] squid
2013-07-29 00:00:00
squid DoS
2013-07-29 00:00:00
squid DoS
2014-09-02 00:00:00
debiancve
debiancve
CVE-2013-4115
2013-08-09 22:55:00
CVE-2014-3609
2014-09-11 18:55:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against Squid idnsALookup DNS Name Handling Buffer Overflow (CVE-2013-4115)
2013-08-25 00:00:00
Squid Range Header Denial of Service (CVE-2014-3609)
2014-09-22 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:00:28
Denial Of Service (DoS)
2019-05-02 05:11:40
ubuntucve
ubuntucve
CVE-2013-4115
2013-08-09 00:00:00
CVE-2014-3609
2014-08-28 00:00:00
mageia
mageia
Updated squid packages fix security vulnerability
2013-07-22 00:16:43
Updated squid packages fix CVE-2014-3609
2014-09-05 13:07:37
Updated squid packages fix security vulnerabilities
2013-07-22 00:18:36
debian
debian
[SECURITY] [DSA 3139-1] squid security update
2015-01-25 16:37:50
[SECURITY] [DSA 3014-1] squid3 security update
2014-08-28 15:36:10
[SECURITY] [DSA 3139-1] squid security update
2015-01-25 16:37:50
osv
osv
squid3 - security update
2014-08-28 00:00:00
squid - security update
2015-05-01 00:00:00
squid3 - security update
2014-09-04 00:00:00
ubuntu
ubuntu
Squid 3 vulnerability
2014-08-28 00:00:00
suse
suse
Security update for squid3 (important)
2014-09-18 00:05:25
Security update for squid3 (important)
2016-08-09 17:12:26
Security update for squid3 (important)
2016-08-16 18:08:55
centos
centos
squid security update
2014-09-03 23:09:15
gentoo
gentoo
Squid: Multiple vulnerabilities
2013-09-27 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.962 High

EPSS

Percentile

99.5%

JSON
Related for CESA-2014:1148
nessus33openvas36redhat2oraclelinux2amazon2fedora8prion2cve2securityvulns4debiancve2checkpoint_advisories2veracode2ubuntucve2mageia3debian6osv3ubuntu1suse3centos1gentoo1