logo
DATABASE RESOURCES PRICING ABOUT US

Mandriva Linux Security Advisory : squid (MDVSA-2015:103)

Description

Updated squid packages fix security vulnerabilities : Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled (CVE-2014-0128). Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service (CVE-2014-3609). Due to incorrect buffer management Squid can be caused by an attacker to write outside its allocated SNMP buffer (CVE-2014-6270). Due to incorrect bounds checking Squid pinger binary is vulnerable to denial of service or information leak attack when processing larger than normal ICMP or ICMPv6 packets (CVE-2014-7141). Due to incorrect input validation Squid pinger binary is vulnerable to denial of service or information leak attacks when processing ICMP or ICMPv6 packets (CVE-2014-7142).


Related