Univention Bugzilla – Bug 35853
squid3: Denial of service (3.2)
Last modified: 2015-09-23 13:11:48 CEST
Off-by-one in parsing SNMP packets (CVE-2014-6270). This doesn't affect the default installation.
Denial of service in the pinger component handling malformed ICMP packets (CVE-2014-7141, CVE-2014-7142)
*** Bug 34299 has been marked as a duplicate of this bug. ***
Merged from 34299:
* CVE-2014-0128 Squid provides a feature to transparently decrypt/analyse SSL/TLS traffic (called SSL bumping). This feature is susceptible to denial of service through malformed HTTPS requests. The affected feature isn't enabled in the templates in univention-squid.
All of the above issues are considered minor by Debian security.
New issue fixed in 3.1.6-1.2+squeeze5:
* Squid configured with cache_peer and operating on explicit proxy traffic does not correctly handle CONNECT method peer responses (CVE-2015-5400)
* squid3 3.1.6-1.2+squeeze5 has been imported and built in scope errata3.2-7.
* YAML (r63494): 2015-09-07-squid3.yaml
Advisory: OK
Tests (i386, amd64): OK
<http://errata.software-univention.de/ucs/3.2/368.html>