Bug 35732

Summary: squid3: Denial of service (3.2)
Product: UCS Reporter: Moritz Muehlenhoff <jmm>
Component: Security updatesAssignee: Janek Walkenhorst <walkenhorst>
Status: CLOSED FIXED QA Contact: Philipp Hahn <hahn>
Severity: normal    
Priority: P2 CC: walkenhorst
Version: UCS 3.2   
Target Milestone: UCS 3.2-3-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:

Description Moritz Muehlenhoff univentionstaff 2014-08-28 07:56:41 CEST 
Denial of service through malformed Range: headers (CVE-2014-3609)
http://www.squid-cache.org/Advisories/SQUID-2014_2.txt
Comment 1 Janek Walkenhorst univentionstaff 2014-09-17 19:04:40 CEST 
Tests (amd64): OK
Advisory: 2014-09-17-squid3.yaml
Comment 2 Philipp Hahn univentionstaff 2014-09-19 15:20:45 CEST 
OK: apt-cache policy squid3 # 3.1.6-1.2.19.201409161501
OK: univention-install squid3
OK: zless /usr/share/doc/squid3/changelog.Debian.gz
OK: http_proxy=http://127.0.0.1:3128 wget -q -O- http://apt.univention.de/
OK: http_proxy=http://127.0.0.1:3128  curl -v -r 0-13 http://pmhahn.de/robots.txt
OK: 2014-09-17-squid3.yaml
OK: announce_errata -V 2014-09-17-squid3.yaml
Comment 3 Janek Walkenhorst univentionstaff 2014-09-19 17:55:39 CEST 
http://errata.univention.de/ucs/3.2/211.html