Summary: | <net-proxy/squid-3.1.22: cachemgr.cgi Memory Leak Denial of Service Vulnerability (CVE-2012-5643) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | eras, net-proxy+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/51545/ | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2012-12-17 14:03:14 UTC
+*squid-3.2.5 (17 Dec 2012) +*squid-3.1.22 (17 Dec 2012) + + 17 Dec 2012; Eray Aslan <eras@gentoo.org> +files/squid.initd-logrotate-r2, + +files/squid.initd-r2, +squid-3.1.22.ebuild, +squid-3.2.5.ebuild: + Security bump - bug #447596 + @security: We can stabilize =net-proxy/squid-3.1.22. Thank you. Arches, please test and mark stable: =net-proxy/squid-3.1.22 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" amd64 stable x86 stable Stable for HPPA. ppc stable CVE-2012-5643 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5643): Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials. ppc64 stable arm stable ia64 stable sparc stable alpha stable GLSA vote: yes. GLSA Vote: yes, too. Added to existing GLSA request. This issue was resolved and addressed in GLSA 201309-22 at http://security.gentoo.org/glsa/glsa-201309-22.xml by GLSA coordinator Sergey Popov (pinkbyte). |