MDVSA-2013:013
- Package name
- squid
- Date
- 2013-02-20
- Advisory ID
- MDVSA-2013:013
- Affected versions
- MES5 i586 , 2011 i586 , MES5 x86_64 , 2011 x86_64
Problem description
Multiple vulnerabilities has been found and corrected in squid
(cachemgr.cgi):
Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid
2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before
3.3.0.2 allow remote attackers to cause a denial of service (memory
consumption) via (1) invalid Content-Length headers, (2) long POST
requests, or (3) crafted authentication credentials (CVE-2012-5643).
cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and
other versions, allows remote attackers to cause a denial of service
(resource consumption) via a crafted request. NOTE: this issue is
due to an incorrect fix for CVE-2012-5643, possibly involving an
incorrect order of arguments or incorrect comparison (CVE-2013-0189).
The updated packages have been patched to correct these issues.
Updated packages
MES5 i586
951ed0c1ac4f41a20fa668602d9527b2 mes5/i586/squid-3.0-22.6mdvmes5.2.i586.rpm 480f84eb3ec2d8edef1f30d849add394 mes5/i586/squid-cachemgr-3.0-22.6mdvmes5.2.i586.rpm 882f87c2db26259b5f1c7600cde80196 mes5/SRPMS/squid-3.0-22.6mdvmes5.2.src.rpm
2011 i586
be6b1b58b23adf78655e154a0d9b4425 2011/i586/squid-3.1.15-1.3-mdv2011.0.i586.rpm 87d5c4f17ec9609a6c23bde3254f1607 2011/i586/squid-cachemgr-3.1.15-1.3-mdv2011.0.i586.rpm defcc1655b36cb5708f281311d6f14e5 2011/SRPMS/squid-3.1.15-1.3.src.rpm
MES5 x86_64
816be462b15ab4aeb3304c8f40cdf7a7 mes5/x86_64/squid-3.0-22.6mdvmes5.2.x86_64.rpm 71654b5c9dfe52d184c5ea535db5b4b4 mes5/x86_64/squid-cachemgr-3.0-22.6mdvmes5.2.x86_64.rpm 882f87c2db26259b5f1c7600cde80196 mes5/SRPMS/squid-3.0-22.6mdvmes5.2.src.rpm
2011 x86_64
47252ced15dc7132ccc49db09f211507 2011/x86_64/squid-3.1.15-1.3-mdv2011.0.x86_64.rpm b2cc7e05622308c13826397b9e9920c3 2011/x86_64/squid-cachemgr-3.1.15-1.3-mdv2011.0.x86_64.rpm defcc1655b36cb5708f281311d6f14e5 2011/SRPMS/squid-3.1.15-1.3.src.rpm