Lucene search

K
debianDebianDEBIAN:DLA-445-1:92CBA
HistoryFeb 29, 2016 - 10:18 p.m.

[SECURITY] [DLA 445-1] squid3 security update

2016-02-2922:18:34
lists.debian.org
8

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.562 Medium

EPSS

Percentile

97.6%

Package : squid3
Version : 3.1.6-1.2+squeeze6
CVE ID : CVE-2016-2569 CVE-2016-2571
Debian Bug : 816011

Several security issues have been discovered in the Squid caching proxy.

CVE-2016-2569

Squid wrongly checked boundaries of String data, making it possible
for remote attackers to cause a Denial-of-Service by a crafted HTTP
Vary header. Issue found by Mathias Fischer from Open Systems AG.

CVE-2016-2571

Squid was susceptible to a Denial of Service caused by storing
certain kind of data after failing to parse a response. Issue
discovered by Alex Rousskov from The Measurement Factory

For Debian 6 "Squeeze", these issues have been fixed in squid3 version
3.1.6-1.2+squeeze6. We recommend you to upgrade your squid3 packages.

Learn more about the Debian Long Term Support (LTS) Project and how to
apply these updates at: https://wiki.debian.org/LTS/
Attachment:
signature.asc
Description: Digital signature

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.562 Medium

EPSS

Percentile

97.6%