Summary: | <net-proxy/squid-3.2.9: DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc (CVE-2013-1839) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | eras, net-proxy+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2013/03/11/7 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
+*squid-3.3.3 (14 Mar 2013) +*squid-3.2.9 (14 Mar 2013) + + 14 Mar 2013; Eray Aslan <eras@gentoo.org> +squid-3.2.9.ebuild, + +squid-3.3.3.ebuild: + Security bump - bug #461492 + @security: We can stabilize =net-proxy/squid-3.2.9. Thank you. Arches, please test and mark stable: =net-proxy/squid-3.2.9 Target KEYWORDS: "alpha amd64 arm hppa ia64 ~mips ppc ppc64 sparc x86 ~x86-fbsd" amd64 stable x86 stable ppc stable ppc64 stable Stable for HPPA. arm stable sparc stable alpha stable Added to existing draft. ia64 stable This issue was resolved and addressed in GLSA 201309-22 at http://security.gentoo.org/glsa/glsa-201309-22.xml by GLSA coordinator Sergey Popov (pinkbyte). CVE-2013-1839 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1839): The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header. |
From ${URL} : > On 6/03/2013 9:53 a.m., tytusromekiatomek@...hmail.com wrote: >> ################################################################ >> # DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc # >> ################################################################ >> # # Authors: # # 22733db72ab3ed94b5f8a1ffcde850251fe6f466 # >> c8e74ebd8392fda4788179f9a02bb49337638e7b # AKAT-1 # >> ####################################### >> >> # Versions: 3.2.5, 3.2.7 > > Thank you very much for reporting this to us upstream and ensuring > a patch was available before publishing it publicly *cough*. This > has now been fixed. > > Would you care to do better on the other ones before someone else > has a chance to mail your exploit to our bugs@ address and grab all > the discovery glory?