Summary: | <net-proxy/squid-{3.3.12,3.4.3}: denial of service when using SSL-Bump (CVE-2014-0128) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | eras, net-proxy+disabled |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1074870 | | |
Whiteboard: | B3 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-03-11 08:21:06 UTC
+*squid-3.4.4 (11 Mar 2014) +*squid-3.3.12 (11 Mar 2014) + + 11 Mar 2014; Eray Aslan <eras@gentoo.org> +squid-3.3.12.ebuild, + +squid-3.4.4.ebuild: + Security bump - bug #504176 +

@security: Please stabilize =net-proxy/squid-3.3.12. Thank you.

@eras, it seems that you forgot to CC arch teams

Arches, please test and mark stable =net-proxy/squid-3.3.12

Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Stable for HPPA.

amd64 stable

arm stable

x86 stable

ppc stable

alpha stable

ppc64 stable

ia64 stable

sparc stable.

Maintainer(s), please cleanup. Security, please vote.

Arches and Maintainer(s), Thank you for your work! Security please Vote!

CVE-2014-0128 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0128): Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.

Maintainer(s), Thank you for cleanup!

GLSA Vote: Yes

YES too, request filed.

This issue was resolved and addressed in GLSA 201411-11 at http://security.gentoo.org/glsa/glsa-201411-11.xml by GLSA coordinator Sergey Popov (pinkbyte).
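Review bot: The ChangeLog entry quoted at the top of the thread describes the change only as "Security bump - bug #504176", so a reader of the ChangeLog has to open the bug to learn which issue the two new ebuilds address. Consider naming the issue in the entry itself, for example by adding the identifier from the bug summary (CVE-2014-0128, SSL-Bump denial of service), so that the entry stays meaningful without the tracker.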