First Last Prev Next    This bug is not in your last search results.
Bug 34298 - squid3: Denial of service (3.1)
squid3: Denial of service (3.1)
Status: RESOLVED WONTFIX
Product: UCS
Classification: Unclassified
Component: Squid
UCS 3.2
Other Linux
: P3 normal (vote)
: UCS 3.1-x-errata
Assigned To: Squid maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-03-11 06:38 CET by Moritz Muehlenhoff
Modified: 2014-06-02 08:18 CEST (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2014-03-11 06:38:37 CET 
CVE-2014-0128

Squid provides a feature to transparently decrypt/analyse SSL/TLS traffuic (called SSL bumping). This feature is susceptible by denial of service through malformed HTTPS requests.

The affected feature isn't enabled in the templates in univention-squid.
Comment 1 Stefan Gohmann univentionstaff 2014-06-02 08:18:44 CEST 
The maintenance with bug and security fixes for UCS 3.1-x has ended on 31st of
May 2014.

The maintenance of the UCS 3.x major series is continued by UCS 3.2-x that is
supplied with bug and security fixes.

Customers still on UCS 3.1-x are encouraged to update to UCS 3.2. Please
contact your partner or Univention for any questions.
First Last Prev Next    This bug is not in your last search results.