oss-sec mailing list archives
squid 3.x vulnerabilities
From: Vincent Danen <vdanen () redhat com>
Date: Mon, 27 Jul 2009 10:18:50 -0600
There are some security vulnerabilities in squid 3.x that have been fixed today: http://www.squid-cache.org/Advisories/SQUID-2009_2.txt Specifically: Due to incorrect buffer limits and related bound checks Squid is vulnerable to a denial of service attack when processing specially crafted requests or responses. Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted responses. Patches are linked to from the advisory. No CVE names look to be assigned; can we get some? I think we probably need two CVE names here. Thanks. --Vincent Danen / Red Hat Security Response Team
Current thread:
- squid 3.x vulnerabilities Vincent Danen (Jul 27)
- Re: squid 3.x vulnerabilities Steven M. Christey (Jul 28)