From: Amos Jeffries <squid3-CbtWyS02/cdBWQWeTLFoew <at> public.gmane.org>
Subject: CVE Request: Squid HTTP Proxy
Newsgroups: gmane.comp.security.oss.general
Date: Friday 1st April 2016 21:22:03 UTC

Hi,

1) A buffer overrun (on write(2)) has been found in Squid proxy 'pinger'
process that allows an attacker to craft ICMPv6 messages that will
either crash the child process (if the OS protects against over-write)
or alter heap contents allowing the attacker to bypass CVE-2014-7142
protection and leak arbitrary heap data into the Squid log files. The
pinger is setuid root (though it does drop those privileges prior to
this attack being possible).
 This was reported by Yuriy M. Kaminskiy.

Patch for this issue is available at:
<http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch>

The upstream advisory will be at this URL:
<http://www.squid-cache.org/Advisories/SQUID-2016_3.txt>


2) A secondary issue with the same Denial of Service effects as
CVE-2016-2569 has been found that is not covered by the existing fix.
All Squid-3.x versions up to and including 3.5.15, and 4.0.x versions up
to and including 4.0.7 are vulnerable to this issue independent of the
fix for CVE-2016-2569.
 This was reported by Santiago R. Rincón of Debian.

Patch for this is available at:
<http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch>

The upstream advisory will be at this URL:
<http://www.squid-cache.org/Advisories/SQUID-2016_4.txt>


Both of these issues are resolved in the 4.0.8 and 3.5.16 packages which
will be available within 24hrs.


Amos Jeffries
Squid Software Foundation
 