Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 381065 (CVE-2011-3205) - <net-proxy/squid-3.1.15 Buffer Overflow Vulnerability (CVE-2011-3205)
Summary: <net-proxy/squid-3.1.15 Buffer Overflow Vulnerability (CVE-2011-3205)
Alias: CVE-2011-3205
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
Whiteboard: B1 [glsa]
Depends on:
Reported: 2011-08-29 14:34 UTC by Agostino Sarubbo
Modified: 2011-10-26 20:48 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2011-08-29 14:34:32 UTC
From secunia security advisor at $URL:

The vulnerability is caused due to a boundary error when processing Gopher responses and can be exploited to cause a buffer overflow via an overly long string.
Successful exploitation may allow execution of arbitrary code.

Update to version 3.0.STABLE26 or 3.1.15.
Comment 1 Agostino Sarubbo gentoo-dev 2011-08-29 22:24:03 UTC
all member of net-proxy herd are away atm.
I want CC Eray; he is the committers of last version[1] available in tree, so, probably he wants take care of this bump.

29 Apr 2011; Eray Aslan <> +squid-3.1.12.ebuild,
Non-maintainer version bump - bug #362049
Comment 2 Eray Aslan gentoo-dev 2011-08-31 08:11:46 UTC
+*squid-3.1.15 (31 Aug 2011)
+  31 Aug 2011; Eray Aslan <> +squid-3.1.15.ebuild,
+  +files/squid-3.1.15-gentoo.patch:
+  version bump - security bug #381065
Comment 3 Agostino Sarubbo gentoo-dev 2011-08-31 08:44:43 UTC
Great, thanks Eray for your extra-works ;)

arches, please test and mark stable : 


target KEYWORDS : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Comment 4 Agostino Sarubbo gentoo-dev 2011-09-01 08:20:49 UTC
amd64 ok
Comment 5 Ian Delaney (RETIRED) gentoo-dev 2011-09-01 10:43:58 UTC

ditto Ago
Comment 6 Tony Vroon (RETIRED) gentoo-dev 2011-09-01 14:21:54 UTC
+  01 Sep 2011; Tony Vroon <> squid-3.1.15.ebuild:
+  Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo & Ian
+  "idella4" Delaney in security bug #381065.
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2011-09-03 05:55:26 UTC
Stable for HPPA.
Comment 8 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-09-03 08:50:15 UTC
ppc/ppc64 stable
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2011-09-03 13:29:47 UTC
alpha/arm/ia64/sparc/x86 stable
Comment 10 Tim Sammut (RETIRED) gentoo-dev 2011-09-04 00:26:48 UTC
Thanks, folks. Added to existing GLSA request.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 22:48:06 UTC
CVE-2011-3205 (
  Buffer overflow in the gopherToHTML function in in the Gopher
  reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2
  before allows remote Gopher servers to cause a denial of service
  (memory corruption and daemon restart) or possibly have unspecified other
  impact via a long line in a response.  NOTE: This issue exists because of a
  CVE-2005-0094 regression.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2011-10-26 20:48:13 UTC
This issue was resolved and addressed in
 GLSA 201110-24 at
by GLSA coordinator Tim Sammut (underling).