CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 0.055 Low
Percentile: 93.1%
Debian Security Advisory DSA-2630-1 [email protected]
http://www.debian.org/security/ Salvatore Bonaccorso
February 24, 2013 http://www.debian.org/security/faq
Package : squid3
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-5643 CVE-2013-0189
Debian Bug : 696187

Squid3, a fully featured Web proxy cache, is prone to a denial of
service attack due to memory consumption caused by memory leaks in
cachemgr.cgi:

CVE-2012-5643
    squid's cachemgr.cgi was vulnerable to excessive resource use. A
    remote attacker could exploit this flaw to perform a denial of
    service attack on the server and other hosted services.

CVE-2013-0189
    The original patch for CVE-2012-5643 was incomplete. A remote
    attacker still could exploit this flaw to perform a denial of
    service attack.

For the stable distribution (squeeze), these problems have been fixed in
version 3.1.6-1.2+squeeze3.

For the testing distribution (wheezy), these problems have been fixed in
version 3.1.20-2.1.

For the unstable distribution (sid), these problems have been fixed in
version 3.1.20-2.1.

We recommend that you upgrade your squid3 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 6 | sparc | squid-cgi | < 3.1.6-1.2+squeeze3 | squid-cgi_3.1.6-1.2+squeeze3_sparc.deb |
Debian | 6 | sparc | squidclient | < 3.1.6-1.2+squeeze3 | squidclient_3.1.6-1.2+squeeze3_sparc.deb |
Debian | 6 | ia64 | squid3 | < 3.1.6-1.2+squeeze3 | squid3_3.1.6-1.2+squeeze3_ia64.deb |
Debian | 6 | i386 | squid-cgi | < 3.1.6-1.2+squeeze3 | squid-cgi_3.1.6-1.2+squeeze3_i386.deb |
Debian | 6 | amd64 | squid-cgi | < 3.1.6-1.2+squeeze3 | squid-cgi_3.1.6-1.2+squeeze3_amd64.deb |
Debian | 6 | mipsel | squidclient | < 3.1.6-1.2+squeeze3 | squidclient_3.1.6-1.2+squeeze3_mipsel.deb |
Debian | 6 | kfreebsd-i386 | squidclient | < 3.1.6-1.2+squeeze3 | squidclient_3.1.6-1.2+squeeze3_kfreebsd-i386.deb |
Debian | 6 | ia64 | squid-cgi | < 3.1.6-1.2+squeeze3 | squid-cgi_3.1.6-1.2+squeeze3_ia64.deb |
Debian | 6 | armel | squid3 | < 3.1.6-1.2+squeeze3 | squid3_3.1.6-1.2+squeeze3_armel.deb |
Debian | 6 | ia64 | squid3-dbg | < 3.1.6-1.2+squeeze3 | squid3-dbg_3.1.6-1.2+squeeze3_ia64.deb |