Advisories » MGASA-2014-0396

Updated squid packages fix security vulnerabilities

Publication date: 07 Oct 2014
Modification date: 07 Oct 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-6270 , CVE-2014-7141 , CVE-2014-7142

Description

Updated squid packages fix security vulnerabilities:

Due to incorrect buffer management Squid can be caused by an attacker to write
outside its allocated SNMP buffer (CVE-2014-6270).

Due to incorrect bounds checking Squid pinger binary is vulnerable to denial
of service or information leak attack when processing larger than normal ICMP
or ICMPv6 packets (CVE-2014-7141).

Due to incorrect input validation Squid pinger binary is vulnerable to denial
of service or information leak attacks when processing ICMP or ICMPv6 packets
(CVE-2014-7142).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14150
• http://www.squid-cache.org/Advisories/SQUID-2014_3.txt
• http://www.squid-cache.org/Advisories/SQUID-2014_4.txt
• https://www.cve.org/CVERecord?id=CVE-2014-6270
• https://www.cve.org/CVERecord?id=CVE-2014-7141
• https://www.cve.org/CVERecord?id=CVE-2014-7142

SRPMS

3/core

• squid-3.2.10-1.8.mga3

4/core

• squid-3.3.13-1.1.mga4