Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2014:1148
HistorySep 03, 2014 - 12:00 a.m.

(RHSA-2014:1148) Important: squid security update

2014-09-0300:00:00
access.redhat.com
15

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.965 High

EPSS

Percentile

99.3%

JSON

Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

A flaw was found in the way Squid handled malformed HTTP Range headers.
A remote attacker able to send HTTP requests to the Squid proxy could use
this flaw to crash Squid. (CVE-2014-3609)

A buffer overflow flaw was found in Squid’s DNS lookup module. A remote
attacker able to send HTTP requests to the Squid proxy could use this flaw
to crash Squid. (CVE-2013-4115)

Red Hat would like to thank the Squid project for reporting the
CVE-2014-3609 issue. Upstream acknowledges Matthew Daley as the original
reporter.

All Squid users are advised to upgrade to this updated package, which
contains backported patches to correct these issues. After installing this
update, the squid service will be restarted automatically.

OSVersionArchitecturePackageVersionFilename
RedHat5ppcsquid-debuginfo< 2.6.STABLE21-7.el5_10squid-debuginfo-2.6.STABLE21-7.el5_10.ppc.rpm
RedHat6srcsquid< 3.1.10-22.el6_5squid-3.1.10-22.el6_5.src.rpm
RedHat5ppcsquid< 2.6.STABLE21-7.el5_10squid-2.6.STABLE21-7.el5_10.ppc.rpm
RedHat5x86_64squid-debuginfo< 2.6.STABLE21-7.el5_10squid-debuginfo-2.6.STABLE21-7.el5_10.x86_64.rpm
RedHat6x86_64squid< 3.1.10-22.el6_5squid-3.1.10-22.el6_5.x86_64.rpm
RedHat6i686squid< 3.1.10-22.el6_5squid-3.1.10-22.el6_5.i686.rpm
RedHat5x86_64squid< 2.6.STABLE21-7.el5_10squid-2.6.STABLE21-7.el5_10.x86_64.rpm
RedHat5s390xsquid< 2.6.STABLE21-7.el5_10squid-2.6.STABLE21-7.el5_10.s390x.rpm
RedHat6s390xsquid< 3.1.10-22.el6_5squid-3.1.10-22.el6_5.s390x.rpm
RedHat5srcsquid< 2.6.STABLE21-7.el5_10squid-2.6.STABLE21-7.el5_10.src.rpm
Rows per page:
1-10 of 201

Related

nessus 33
openvas 27
centos 2
oraclelinux 2
amazon 2
fedora 8
prion 2
cve 2
debiancve 2
securityvulns 4
checkpoint_advisories 2
veracode 2
ubuntucve 2
mageia 3
debian 6
osv 3
redhat 1
ubuntu 1
suse 3
gentoo 1
nessus
nessus
Oracle Linux 5 / 6 : squid (ELSA-2014-1148)
2014-09-04 00:00:00
RHEL 5 / 6 : squid (RHSA-2014:1148)
2014-09-04 00:00:00
CentOS 5 / 6 : squid (CESA-2014:1148)
2014-09-04 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-411)
2015-09-08 00:00:00
RedHat Update for squid RHSA-2014:1148-01
2014-09-04 00:00:00
Oracle Linux Local Check: ELSA-2014-1148
2015-10-06 00:00:00
centos
centos
squid security update
2014-09-03 23:16:08
squid security update
2014-09-03 23:09:15
oraclelinux
oraclelinux
squid security update
2014-09-03 00:00:00
squid security update
2014-09-03 00:00:00
amazon
amazon
Important: squid
2014-09-17 21:47:00
Important: squid
2014-10-22 20:04:00
fedora
fedora
[SECURITY] Fedora 19 Update: squid-3.3.13-1.fc19
2014-09-10 13:25:50
[SECURITY] Fedora 19 Update: squid-3.3.13-2.fc19
2014-10-14 04:40:30
[SECURITY] Fedora 20 Update: squid-3.3.13-1.fc20
2014-09-05 22:21:00
prion
prion
Buffer overflow
2013-08-09 22:55:00
Design/Logic Flaw
2014-09-11 18:55:00
cve
cve
CVE-2013-4115
2013-08-09 22:55:00
CVE-2014-3609
2014-09-11 18:55:00
debiancve
debiancve
CVE-2013-4115
2013-08-09 22:55:00
CVE-2014-3609
2014-09-11 18:55:00
securityvulns
securityvulns
[ MDVSA-2013:199 ] squid
2013-07-29 00:00:00
squid DoS
2013-07-29 00:00:00
squid DoS
2014-09-02 00:00:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against Squid idnsALookup DNS Name Handling Buffer Overflow (CVE-2013-4115)
2013-08-25 00:00:00
Squid Range Header Denial of Service (CVE-2014-3609)
2014-09-22 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:00:28
Denial Of Service (DoS)
2019-05-02 05:11:40
ubuntucve
ubuntucve
CVE-2013-4115
2013-08-09 00:00:00
CVE-2014-3609
2014-08-28 00:00:00
mageia
mageia
Updated squid packages fix security vulnerability
2013-07-22 00:16:43
Updated squid packages fix CVE-2014-3609
2014-09-05 13:07:37
Updated squid packages fix security vulnerabilities
2013-07-22 00:18:36
debian
debian
[SECURITY] [DSA 3139-1] squid security update
2015-01-25 16:37:50
[SECURITY] [DSA 3014-1] squid3 security update
2014-08-28 15:36:10
[SECURITY] [DSA 3139-1] squid security update
2015-01-25 16:37:50
osv
osv
squid3 - security update
2014-08-28 00:00:00
squid - security update
2015-05-01 00:00:00
squid3 - security update
2014-09-04 00:00:00
redhat
redhat
(RHSA-2014:1147) Important: squid security update
2014-09-03 00:00:00
ubuntu
ubuntu
Squid 3 vulnerability
2014-08-28 00:00:00
suse
suse
Security update for squid3 (important)
2014-09-18 00:05:25
Security update for squid3 (important)
2016-08-09 17:12:26
Security update for squid3 (important)
2016-08-16 18:08:55
gentoo
gentoo
Squid: Multiple vulnerabilities
2013-09-27 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.965 High

EPSS

Percentile

99.3%

JSON
Related for RHSA-2014:1148
nessus33openvas27centos2oraclelinux2amazon2fedora8prion2cve2debiancve2securityvulns4checkpoint_advisories2veracode2ubuntucve2mageia3debian6osv3redhat1ubuntu1suse3gentoo1