Lucene search

K
mageiaGentoo FoundationMGASA-2014-0192
HistoryApr 24, 2014 - 11:04 p.m.

Updated squid package fixes CVE-2014-0128

2014-04-2423:04:48
Gentoo Foundation
advisories.mageia.org
15

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.156

Percentile

96.0%

Updated squid packages fix security vulnerability: Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled (CVE-2014-0128).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchsquid< 3.2.10-1.6squid-3.2.10-1.6.mga3

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.156

Percentile

96.0%