Updated squid package fixes CVE-2014-0128
Publication date: 24 Apr 2014Modification date: 24 Apr 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2014-0128
Description
Updated squid packages fix security vulnerability: Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled (CVE-2014-0128).
References
- http://www.squid-cache.org/Advisories/SQUID-2014_1.txt
- http://www.squid-cache.org/mail-archive/squid-users/201403/0064.html
- https://lists.fedoraproject.org/pipermail/package-announce/2014-April/130987.html
- http://lists.opensuse.org/opensuse-updates/2014-04/msg00060.html
- https://bugs.mageia.org/show_bug.cgi?id=13138
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0128
SRPMS
3/core
- squid-3.2.10-1.6.mga3