Paketname
squid
Datum
2011-12-27
Advisory ID
MDVSA-2011:193
Betroffene Versionen
2011 i586 , 2011 x86_64

Problembeschreibung

A vulnerability has been discovered and corrected in squid:

The idnsGrokReply function in Squid before 3.1.16 does not properly
free memory, which allows remote attackers to cause a denial of
service (daemon abort) via a DNS reply containing a CNAME record
that references another CNAME record that contains an empty A record
(CVE-2011-4096).

The updated packages have been patched to correct this issue.

Aktualisierte Pakete

2011 i586

 dfcc60c460150bb3f359a63b646d45b6  2011/i586/squid-3.1.15-1.1-mdv2011.0.i586.rpm
 1798068f0a75cdf99df2b543f5721614  2011/i586/squid-cachemgr-3.1.15-1.1-mdv2011.0.i586.rpm 
 e19115ab1d4be2ef9ecd877c1ce511e4  2011/SRPMS/squid-3.1.15-1.1.src.rpm

2011 x86_64

 8c3ef93cace353be3e4075d6b7b92f6f  2011/x86_64/squid-3.1.15-1.1-mdv2011.0.x86_64.rpm
 842a3385d660fc85bfba1ef6236df5f3  2011/x86_64/squid-cachemgr-3.1.15-1.1-mdv2011.0.x86_64.rpm 
 e19115ab1d4be2ef9ecd877c1ce511e4  2011/SRPMS/squid-3.1.15-1.1.src.rpm

Referenzen