{ "schema_version": "1.7.0", "id": "MGASA-2018-0095", "published": "2018-01-24T22:37:59Z", "modified": "2018-01-24T22:09:26Z", "summary": "Updated squid packages fix security vulnerabilities", "details": "Due to incorrect pointer handling Squid is vulnerable to denial \nof service attack when processing ESI responses. This problem allows a\nremote server delivering certain ESI response syntax to trigger a denial\nof service for all clients accessing the Squid service (SQUID-2018:1).\n\nDue to incorrect pointer handling Squid is vulnerable to denial of\nservice attack when processing ESI responses or downloading intermediate\nCA certificates. This problem allows a remote client delivering certain\nHTTP requests in conjunction with certain trusted server responses to\ntrigger a denial of service for all clients accessing the Squid service\n(SQUID-2018:2).\n", "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2018-0095.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=22440" }, { "type": "WEB", "url": "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt" }, { "type": "WEB", "url": "http://www.squid-cache.org/Advisories/SQUID-2018_2.txt" } ], "affected": [ { "package": { "ecosystem": "Mageia:5", "name": "squid", "purl": "pkg:rpm/mageia/squid?arch=source&distro=mageia-5" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.5.23-1.1.mga5" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:6", "name": "squid", "purl": "pkg:rpm/mageia/squid?arch=source&distro=mageia-6" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.5.26-1.1.mga6" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }