Univention Bugzilla – Bug 37038
squid3: Denial of service (4.0)
Last modified: 2017-10-26 13:54:44 CEST
Off-by-one in parsing SNMP packets (CVE-2014-6270) Denial of service in the pinger component handling malformed ICMP packets (CVE-2014-7141, CVE-2014-7142)
All of the three issues above have been classified as "Minor issue" in Debian.
Fixed in 3.1.20-2.2+deb7u3: * Squid configured with cache_peer and operating on explicit proxy traffic does not correctly handle CONNECT method peer responses (CVE-2015-5400)
* squid3 3.1.20-2.2+deb7u3 was imported and build to scope errata4.0-3. * YAML (r63405): 2015-09-02-squid3.yaml
OK - squid3 3.1.20-2 OK - ucs-test-proxy OK - YAML
<http://errata.software-univention.de/ucs/4.0/309.html>