Paketname
squid
Datum
2013-02-20
Advisory ID
MDVSA-2013:013
Betroffene Versionen
MES5 i586 , 2011 i586 , MES5 x86_64 , 2011 x86_64

Problembeschreibung

Multiple vulnerabilities has been found and corrected in squid
(cachemgr.cgi):

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid
2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before
3.3.0.2 allow remote attackers to cause a denial of service (memory
consumption) via (1) invalid Content-Length headers, (2) long POST
requests, or (3) crafted authentication credentials (CVE-2012-5643).

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and
other versions, allows remote attackers to cause a denial of service
(resource consumption) via a crafted request. NOTE: this issue is
due to an incorrect fix for CVE-2012-5643, possibly involving an
incorrect order of arguments or incorrect comparison (CVE-2013-0189).

The updated packages have been patched to correct these issues.

Aktualisierte Pakete

MES5 i586

 951ed0c1ac4f41a20fa668602d9527b2  mes5/i586/squid-3.0-22.6mdvmes5.2.i586.rpm
 480f84eb3ec2d8edef1f30d849add394  mes5/i586/squid-cachemgr-3.0-22.6mdvmes5.2.i586.rpm 
 882f87c2db26259b5f1c7600cde80196  mes5/SRPMS/squid-3.0-22.6mdvmes5.2.src.rpm

2011 i586

 be6b1b58b23adf78655e154a0d9b4425  2011/i586/squid-3.1.15-1.3-mdv2011.0.i586.rpm
 87d5c4f17ec9609a6c23bde3254f1607  2011/i586/squid-cachemgr-3.1.15-1.3-mdv2011.0.i586.rpm 
 defcc1655b36cb5708f281311d6f14e5  2011/SRPMS/squid-3.1.15-1.3.src.rpm

MES5 x86_64

 816be462b15ab4aeb3304c8f40cdf7a7  mes5/x86_64/squid-3.0-22.6mdvmes5.2.x86_64.rpm
 71654b5c9dfe52d184c5ea535db5b4b4  mes5/x86_64/squid-cachemgr-3.0-22.6mdvmes5.2.x86_64.rpm 
 882f87c2db26259b5f1c7600cde80196  mes5/SRPMS/squid-3.0-22.6mdvmes5.2.src.rpm

2011 x86_64

 47252ced15dc7132ccc49db09f211507  2011/x86_64/squid-3.1.15-1.3-mdv2011.0.x86_64.rpm
 b2cc7e05622308c13826397b9e9920c3  2011/x86_64/squid-cachemgr-3.1.15-1.3-mdv2011.0.x86_64.rpm 
 defcc1655b36cb5708f281311d6f14e5  2011/SRPMS/squid-3.1.15-1.3.src.rpm

Referenzen