Gentoo Bug 77521 - www-proxy/squid - NTLM fakeauth_auth memory leak and NULL pointer access

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	77521
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Carsten Lohrke <carlo@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 77521 depends on:			Show dependency tree
Bug 77521 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2005-01-11 07:28 0000

The NTLM fakeauth_auth helper has a memory leak that may cause it to run out of
memory under high load, or if it runs for a very long time. Additionally, a
malformed NTLM type 3 message could cause a segmentation violation.

http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth

------- Comment #1 From Matthias Geerdsen 2005-01-11 13:18:56 0000 -------

cyfred, pls include the patch in the patchset

____

http://securitytracker.com/alerts/2005/Jan/1012818.html
http://secunia.com/advisories/13789/

------- Comment #2 From Andrew Bevitt 2005-01-11 13:40:02 0000 -------

Just went into cvs now.

------- Comment #3 From Matthias Geerdsen 2005-01-11 14:18:58 0000 -------

cyfred, pls bump the ebuild, so people can catch the updated patchset

We should probably use ~arch keywords, so that we can go through arch testing and don't run into problems like it happened before with a different ebuild.

------- Comment #4 From Andrew Bevitt 2005-01-11 23:39:45 0000 -------

Revision bump done.

------- Comment #5 From Matthias Geerdsen 2005-01-12 00:35:58 0000 -------

jaervosz and /me voted against GLSA publication on this one, if anyone objects
pls reopen

------- Comment #6 From Sune Kloppenborg Jeppesen 2005-01-16 12:31:23 0000 -------

GLSA 200501-25

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 77521

www-proxy/squid - NTLM fakeauth_auth memory leak and NULL pointer access

Last modified: 2005-01-16 12:31:23 0000