oss-sec mailing list archives

squid 3.x vulnerabilities


From: Vincent Danen <vdanen () redhat com>
Date: Mon, 27 Jul 2009 10:18:50 -0600

There are some security vulnerabilities in squid 3.x that have been
fixed today:

http://www.squid-cache.org/Advisories/SQUID-2009_2.txt

Specifically:

Due to incorrect buffer limits and related bound checks Squid
is vulnerable to a denial of service attack when processing
specially crafted requests or responses.

Due to incorrect data validation Squid is vulnerable to a denial
of service attack when processing specially crafted responses.



Patches are linked to from the advisory.

No CVE names look to be assigned; can we get some?  I think we probably
need two CVE names here.

Thanks.

--
Vincent Danen / Red Hat Security Response Team
