Gentoo Bug 216319 - net-proxy/squid <2.6.18 arrayShrink assert Denial of Service (CVE-2008-1612)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	216319
Alias:
Product:
Component:
Status:	ASSIGNED
Resolution:
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 216319 depends on:			Show dependency tree Show dependency graph
Bug 216319 blocks:			Show dependency tree Show dependency graph

Additional Comments: (this is where you put emerge --info)

Add to CC list

Leave as ASSIGNED
Resolve bug, changing resolution to
Resolve bug, mark it as duplicate of bug #
Reassign bug to
Reassign bug to default assignee of selected component

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2008-04-05 13:01 0000

CVE-2008-1612 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1612):
  The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers
  to cause a denial of service (process exit) via unknown vectors that cause an
  array to shrink to 0 entries, which triggers an assert error.  NOTE: this
  issue is due to an incorrect fix for CVE-2007-6239.

------- Comment #1 From Robert Buchholz 2008-04-05 13:03:01 0000 -------

Net-proxy, since 2.6.18 is already in the tree, can we stable it?

------- Comment #2 From Alin Năstac 2008-04-11 19:24:34 0000 -------

Of course you can.

------- Comment #3 From Robert Buchholz 2008-04-11 19:35:05 0000 -------

Arches, please test and mark stable:
=net-proxy/squid-2.6.18
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 release sparc x86"

------- Comment #4 From Markus Meier 2008-04-11 21:09:03 0000 -------

amd64/x86 stable

------- Comment #5 From Markus Rothe 2008-04-12 08:09:40 0000 -------

ppc64 stable

------- Comment #6 From Raúl Porcel 2008-04-12 17:10:17 0000 -------

alpha/ia64/sparc stable

------- Comment #7 From Jeroen Roovers 2008-04-12 17:18:24 0000 -------

Stable for HPPA.

------- Comment #8 From Tobias Scherbaum 2008-04-12 17:52:53 0000 -------

ppc stable

------- Comment #9 From Robert Buchholz 2008-04-15 23:01:25 0000 -------

I think this warrants an errata for GLSA 200801-05.

------- Comment #10 From Peter Volkov 2008-04-21 07:48:17 0000 -------

Fixed in release snapshot.

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 216319

net-proxy/squid <2.6.18 arrayShrink assert Denial of Service (CVE-2008-1612)

Last modified: 2008-04-21 07:48:17 0000