Advisories ยป MGASA-2014-0396

Updated squid packages fix security vulnerabilities

Publication date: 07 Oct 2014
Modification date: 07 Oct 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-6270 , CVE-2014-7141 , CVE-2014-7142

Description

Updated squid packages fix security vulnerabilities:

Due to incorrect buffer management Squid can be caused by an attacker to write
outside its allocated SNMP buffer (CVE-2014-6270).

Due to incorrect bounds checking Squid pinger binary is vulnerable to denial
of service or information leak attack when processing larger than normal ICMP
or ICMPv6 packets (CVE-2014-7141).

Due to incorrect input validation Squid pinger binary is vulnerable to denial
of service or information leak attacks when processing ICMP or ICMPv6 packets
(CVE-2014-7142).
                

References

SRPMS

4/core

3/core