Univention Bugzilla – Attachment 7146 Details for
Bug 37240
squid3: Denial of service (ES 3.1)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
3.1-squid3.txt
3.1-squid3.txt (text/plain), 986 bytes, created by
Stefan Gohmann
on 2015-09-01 08:13:35 CEST
(
hide
)
Description:
3.1-squid3.txt
Filename:
MIME Type:
Creator:
Stefan Gohmann
Created:
2015-09-01 08:13:35 CEST
Size:
986 bytes
patch
obsolete
>A new update is available for Univention Corporate Server 3.1 as >part of the extended security maintenance. >It addresses the following issues: > >Program component: squid3 >Reference: CVE-2015-5400 CVE-2014-3609 > CVE-2012-5643 CVE-2013-0189 >Fixed version: 3.1.6-1.2.12.201509010801 > >More details about the issues: >* Do not blindly forward cache peer CONNECT responses (CVE-2015-5400) >* Denial of service through malformed Range: headers (CVE-2014-3609) >* Denial of service (memory consumption) via (1) invalid Content-Length > headers, (2) long POST requests, or (3) crafted authentication > credentials (CVE-2012-5643) >* Denial of service (resource consumption) via a crafted request > (CVE-2013-0189) > >-- >Univention GmbH >be open. >Mary-Somerville-Str.1 >28359 Bremen >Tel. : +49 421 22232-0 >Fax : +49 421 22232-99 > ><info@univention.de> >http://www.univention.de/ > >Geschäftsführer: Peter H. Ganten >HRB 20755 Amtsgericht Bremen >Steuer-Nr.: 71-597-02876
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=7146">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 37240
: 7146