Bug 522498 (CVE-2014-7141) - <net-proxy/squid-3.3.13-r1: two vulnerabilities (CVE-2014-{7141,7142})
Summary: <net-proxy/squid-3.3.13-r1: two vulnerabilities (CVE-2014-{7141,7142})
Status: RESOLVED FIXED
Alias: CVE-2014-7141
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
Reported: 2014-09-10 09:45 UTC by Agostino Sarubbo
Modified: 2014-11-27 14:48 UTC (History)
CC: 2 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Description Agostino Sarubbo gentoo-dev 2014-09-10 09:45:56 UTC
From https://bugzilla.redhat.com/show_bug.cgi?id=1139967:

Sebastian Krahmer discovered an off-by-one error, leading to a heap-based buffer overflow flaw, in the way Squid handled UDP SNMP requests. An unauthenticated, remote attacker could possibly use this flaw to crash Squid or, potentially, execute arbitrary code.

As noted in Sebastian's original report, an SNMP port must be configured. The default configuration of Squid for Red Hat Enterprise Linux 6 and 7 does not include an snmp_port declaration (http://wiki.squid-cache.org/Features/Snmp).

Patch:

http://bugzillafiles.novell.org/attachment.cgi?id=605545

References:

https://bugzilla.novell.com/show_bug.cgi?id=895773
http://seclists.org/oss-sec/2014/q3/542



From https://bugzilla.redhat.com/show_bug.cgi?id=1139715:

It was discovered [1] that pinger code that checks for nodes being alive doesn't properly validate ICMP and ICMPv6 replies, in particular icmp6 types which are used to index into a string array. This could cause crashes when the index is OOB.

CVE requested at [1] too, and a patch is available at [2].

It looks like you can only DoS the pinger sub-system,
not the whole squid though.

[1]: http://seclists.org/oss-sec/2014/q3/539
[2]: https://bugzilla.novell.com/show_bug.cgi?id=891268


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
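The second issue above (CVE-2014-7141) is a reply's ICMP type byte used unchecked as an index into a fixed string table. The following is an added illustration, not Squid's pinger code: the name table, the field layout and the `handle_reply` helper are constructed for the example, and the length guard reflects the separate packet-size problem (CVE-2014-7142).

```c
/* Added illustration for CVE-2014-7141/7142 (not Squid's own code): an ICMP
 * reply's "type" byte used as an index into a fixed string table, shown
 * without and with a bounds check. Table contents are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed name table: only the first few ICMP types have entries. */
static const char *const icmp_type_names[] = {
    "Echo Reply",              /* 0 */
    "Unassigned",              /* 1 */
    "Unassigned",              /* 2 */
    "Destination Unreachable", /* 3 */
    "Source Quench",           /* 4 */
    "Redirect",                /* 5 */
    "Unassigned",              /* 6 */
    "Unassigned",              /* 7 */
    "Echo",                    /* 8 */
};
#define ICMP_TYPE_NAME_COUNT (sizeof icmp_type_names / sizeof icmp_type_names[0])

/* Vulnerable pattern: a uint8_t type can be as large as 255, far past the
 * table end, so a reply carrying a large type byte reads beyond the array
 * (an out-of-bounds read; crash or information leak). Never called here. */
const char *type_name_unchecked(uint8_t type) {
    return icmp_type_names[type];  /* OOB read for type >= ICMP_TYPE_NAME_COUNT */
}

/* Hardened form: any type the table does not cover is rejected. */
const char *type_name_checked(uint8_t type) {
    if (type >= ICMP_TYPE_NAME_COUNT)
        return NULL;
    return icmp_type_names[type];
}

/* Constructed reply handling: pkt[0] is the ICMP type. Returns 1 when the
 * reply is accepted for logging, 0 when it is dropped. The length check
 * guards the header access itself (the packet-size side of the report). */
int handle_reply(const uint8_t *pkt, size_t len) {
    if (len < 8)                       /* ICMP header is 8 bytes */
        return 0;
    const char *name = type_name_checked(pkt[0]);
    if (name == NULL)                  /* unknown type: drop, do not index */
        return 0;
    printf("icmp type %u (%s)\n", pkt[0], name);
    return 1;
}
```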
Comment 1 Eray Aslan gentoo-dev 2014-09-29 14:20:25 UTC
+*squid-3.4.7-r1 (29 Sep 2014)
+*squid-3.3.13-r1 (29 Sep 2014)
+
+  29 Sep 2014; Eray Aslan <eras@gentoo.org> +files/squid-12683_12681.patch,
+  +files/squid-13173_13171.patch, +squid-3.3.13-r1.ebuild,
+  +squid-3.4.7-r1.ebuild:
+  Security bump - bug #522498
+

Arches, please test and mark stable =net-proxy/squid-3.3.13-r1.  Thank you.

Target Keywords: alpha amd64 arm hppa ia64 ~mips ppc ppc64 sparc x86 ~x86-fbsd
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2014-09-29 22:44:21 UTC
Stable for HPPA.
Comment 3 Agostino Sarubbo gentoo-dev 2014-10-01 07:45:00 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2014-10-01 07:45:34 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2014-10-05 15:01:50 UTC
alpha stable
Comment 6 Agostino Sarubbo gentoo-dev 2014-10-05 15:06:19 UTC
ppc stable
Comment 7 Markus Meier gentoo-dev 2014-10-10 20:09:59 UTC
arm stable
Comment 8 Agostino Sarubbo gentoo-dev 2014-10-17 13:39:05 UTC
ppc64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2014-10-18 14:06:38 UTC
ia64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2014-10-18 14:10:42 UTC
sparc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 11 Sergey Popov gentoo-dev 2014-11-27 13:56:17 UTC
Added to existing GLSA request
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2014-11-27 13:57:29 UTC
CVE-2014-7142 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7142):
  The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain
  sensitive information or cause a denial of service (crash) via a crafted (1)
  ICMP or (2) ICMP6 packet size.

CVE-2014-7141 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7141):
  The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain
  sensitive information or cause a denial of service (out-of-bounds read and
  crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.
Comment 13 Sergey Popov gentoo-dev 2014-11-27 14:37:58 UTC
Cleanup is already done
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2014-11-27 14:48:36 UTC
This issue was resolved and addressed in
 GLSA 201411-11 at http://security.gentoo.org/glsa/glsa-201411-11.xml
by GLSA coordinator Sergey Popov (pinkbyte).