| Summary: | <net-proxy/squid-3.3.13-r1: two vulnerabilities (CVE-2014-{7141,7142}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | eras, net-proxy+disabled |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-09-10 09:45:56 UTC
+*squid-3.4.7-r1 (29 Sep 2014) +*squid-3.3.13-r1 (29 Sep 2014) + + 29 Sep 2014; Eray Aslan <eras@gentoo.org> +files/squid-12683_12681.patch, + +files/squid-13173_13171.patch, +squid-3.3.13-r1.ebuild, + +squid-3.4.7-r1.ebuild: + Security bump - bug #522498 +

Arches, please test and mark stable =net-proxy/squid-3.3.13-r1. Thank you.
Target Keywords: alpha amd64 arm hppa ia64 ~mips ppc ppc64 sparc x86 ~x86-fbsd

Stable for HPPA.

amd64 stable

x86 stable

alpha stable

ppc stable

arm stable

ppc64 stable

ia64 stable

sparc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

Added to existing GLSA request

CVE-2014-7142 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7142): The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

CVE-2014-7141 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7141): The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.

Cleanup is already done

This issue was resolved and addressed in GLSA 201411-11 at http://security.gentoo.org/glsa/glsa-201411-11.xml by GLSA coordinator Sergey Popov (pinkbyte).