Bug 35732 - squid3: Denial of service (3.2)
squid3: Denial of service (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P2 normal (vote)
: UCS 3.2-3-errata
Assigned To: Janek Walkenhorst
Philipp Hahn
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-08-28 07:56 CEST by Moritz Muehlenhoff
Modified: 2014-12-08 15:43 CET (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2014-08-28 07:56:41 CEST
Denial of service through malformed Range: headers (CVE-2014-3609)
http://www.squid-cache.org/Advisories/SQUID-2014_2.txt
Comment 1 Janek Walkenhorst univentionstaff 2014-09-17 19:04:40 CEST
Tests (amd64): OK
Advisory: 2014-09-17-squid3.yaml
Comment 2 Philipp Hahn univentionstaff 2014-09-19 15:20:45 CEST
OK: apt-cache policy squid3 # 3.1.6-1.2.19.201409161501
OK: univention-install squid3
OK: zless /usr/share/doc/squid3/changelog.Debian.gz
OK: http_proxy=http://127.0.0.1:3128 wget -q -O- http://apt.univention.de/
OK: http_proxy=http://127.0.0.1:3128  curl -v -r 0-13 http://pmhahn.de/robots.txt
OK: 2014-09-17-squid3.yaml
OK: announce_errata -V 2014-09-17-squid3.yaml
Comment 3 Janek Walkenhorst univentionstaff 2014-09-19 17:55:39 CEST
http://errata.univention.de/ucs/3.2/211.html