Mageia alert MGASA-2013-0228 (squid)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2013-0228: Updated squid packages fix security vulnerabilities | |
| Date: | Sun, 21 Jul 2013 22:18:38 +0200 | |
| Message-ID: | <20130721201838.A30A541687@valstar.mageia.org> |
MGASA-2013-0228 - Updated squid packages fix security vulnerabilities Publication date: 21 Jul 2013 URL: http://advisories.mageia.org/MGASA-2013-0228.html Type: security Affected Mageia releases: 3 CVE: CVE-2013-4115, CVE-2013-4123 Description: Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid service (CVE-2013-4115). Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted HTTP requests. This problem allows any client who can generate HTTP requests to perform a denial of service attack on the Squid service (CVE-2013-4123). Also, due to being renamed in Squid 3.2, the Squid external acl helpers for matching against IP addresses and LDAP groups were not selected to be built in the squid package for Mageia 3. This has been corrected and these helpers are now included. Additionally, the helpers for eDirectory IP address lookups and matching LDAP groups using Kerberos credentials have also been included. References: - https://bugs.mageia.org/show_bug.cgi?id=10516 - http://www.squid-cache.org/Advisories/SQUID-2013_2.txt - http://www.squid-cache.org/Advisories/SQUID-2013_3.txt - ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.2/squid-3... - http://www.squid-cache.org/Doc/man/ - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4115 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4123 SRPMS: - 3/core/squid-3.2.10-1.4.mga3