Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 522498 (CVE-2014-7141) - <net-proxy/squid-3.3.13-r1: two vulnerabilities (CVE-2014-{7141,7142})
Summary: <net-proxy/squid-3.3.13-r1: two vulnerabilities (CVE-2014-{7141,7142})
Alias: CVE-2014-7141
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Depends on:
Reported: 2014-09-10 09:45 UTC by Agostino Sarubbo
Modified: 2014-11-27 14:48 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-09-10 09:45:56 UTC

Sebastian Krahmer discovered an off-by-one error, leading to a heap-based buffer overflow flaw, in the way Squid handled UDP SNMP requests. An unauthenticated, remote attacker could possibly use this flaw to crash Squid or, potentially, execute arbitrary code.

As noted in Sebastian's original report, an SNMP port must be configured. The default configuration of Squid for Red Hat Enterprise Linux 6 and 7 does not include an snmp_port declaration (




It was discovered [1] that pinger code that checks for nodes being alive doesnt
properly validate ICMP and ICMPv6 replies, in particular
icmp6 types which are used to index into a string array.
This could cause crashes when the index is OOB.

CVE reuqested at [1] too, and a patch is available at [2].

It looks like you can only DoS the pinger sub-system,
not the whole squid though.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Eray Aslan gentoo-dev 2014-09-29 14:20:25 UTC
+*squid-3.4.7-r1 (29 Sep 2014)
+*squid-3.3.13-r1 (29 Sep 2014)
+  29 Sep 2014; Eray Aslan <> +files/squid-12683_12681.patch,
+  +files/squid-13173_13171.patch, +squid-3.3.13-r1.ebuild,
+  +squid-3.4.7-r1.ebuild:
+  Security bump - bug #522498

Arches, please test and mark stable =net-proxy/squid-3.3.13-r1.  Thank you.

Target Keywords: alpha amd64 arm hppa ia64 ~mips ppc ppc64 sparc x86 ~x86-fbsd
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2014-09-29 22:44:21 UTC
Stable for HPPA.
Comment 3 Agostino Sarubbo gentoo-dev 2014-10-01 07:45:00 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2014-10-01 07:45:34 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2014-10-05 15:01:50 UTC
alpha stable
Comment 6 Agostino Sarubbo gentoo-dev 2014-10-05 15:06:19 UTC
ppc stable
Comment 7 Markus Meier gentoo-dev 2014-10-10 20:09:59 UTC
arm stable
Comment 8 Agostino Sarubbo gentoo-dev 2014-10-17 13:39:05 UTC
ppc64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2014-10-18 14:06:38 UTC
ia64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2014-10-18 14:10:42 UTC
sparc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 11 Sergey Popov gentoo-dev 2014-11-27 13:56:17 UTC
Added to existing GLSA request
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2014-11-27 13:57:29 UTC
CVE-2014-7142 (
  The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain
  sensitive information or cause a denial of service (crash) via a crafted (1)
  ICMP or (2) ICMP6 packet size.

CVE-2014-7141 (
  The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain
  sensitive information or cause a denial of service (out-of-bounds read and
  crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.
Comment 13 Sergey Popov gentoo-dev 2014-11-27 14:37:58 UTC
Cleanup is already done
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2014-11-27 14:48:36 UTC
This issue was resolved and addressed in
 GLSA 201411-11 at
by GLSA coordinator Sergey Popov (pinkbyte).