Updated squid packages fix security vulnerabilities
Publication date: 07 Oct 2014Modification date: 07 Oct 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-6270 , CVE-2014-7141 , CVE-2014-7142
Description
Updated squid packages fix security vulnerabilities:
Due to incorrect buffer management Squid can be caused by an attacker to write
outside its allocated SNMP buffer (CVE-2014-6270).
Due to incorrect bounds checking Squid pinger binary is vulnerable to denial
of service or information leak attack when processing larger than normal ICMP
or ICMPv6 packets (CVE-2014-7141).
Due to incorrect input validation Squid pinger binary is vulnerable to denial
of service or information leak attacks when processing ICMP or ICMPv6 packets
(CVE-2014-7142).
References
- https://bugs.mageia.org/show_bug.cgi?id=14150
- http://www.squid-cache.org/Advisories/SQUID-2014_3.txt
- http://www.squid-cache.org/Advisories/SQUID-2014_4.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6270
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7141
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7142
SRPMS
4/core
- squid-3.3.13-1.1.mga4
3/core
- squid-3.2.10-1.8.mga3