oss-sec mailing list archives
CVE Request: Squid HTTP Proxy
From: Amos Jeffries <squid3 () treenet co nz>
Date: Sat, 2 Apr 2016 10:22:03 +1300
Hi,

1) A buffer overrun (on write(2)) has been found in Squid proxy 'pinger' process that allows an attacker to craft ICMPv6 messages that will either crash the child process (if the OS protects against over-write) or alter heap contents allowing the attacker to bypass CVE-2014-7142 protection and leak arbitrary heap data into the Squid log files. The pinger is setuid root (though it does drop those privileges prior to this attack being possible).

This was reported by Yuriy M. Kaminskiy.

Patch for this issue is available at:
<http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch>

The upstream advisory will be at this URL:
<http://www.squid-cache.org/Advisories/SQUID-2016_3.txt>

2) A secondary issue with the same Denial of Service effects as CVE-2016-2569 has been found that is not covered by the existing fix.

All Squid-3.x versions up to and including 3.5.15, and 4.0.x versions up to and including 4.0.7 are vulnerable to this issue independent of the fix for CVE-2016-2569.

This was reported by Santiago R. Rincón of Debian.

Patch for this is available at:
<http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch>

The upstream advisory will be at this URL:
<http://www.squid-cache.org/Advisories/SQUID-2016_4.txt>

Both of these issues are resolved in the 4.0.8 and 3.5.16 packages which will be available within 24hrs.

Amos Jeffries
Squid Software Foundation