Bug 35853 - squid3: Denial of service (3.2)
squid3: Denial of service (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P4 normal (vote)
: UCS 3.2-7-errata
Assigned To: Daniel Tröder
Janek Walkenhorst
:
: 34299 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-09-09 22:26 CEST by Moritz Muehlenhoff
Modified: 2015-09-23 13:11 CEST (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2014-09-09 22:26:06 CEST
Off-by-one in parsin SNMP packets (CVE-2014-6270)

This doesn't affect the default installation
Comment 1 Moritz Muehlenhoff univentionstaff 2014-11-26 11:29:50 CET
Denial of service in the pinger component handling malformed ICMP packets (CVE-2014-7141, CVE-2014-7142)
Comment 2 Arvid Requate univentionstaff 2015-08-17 16:41:06 CEST
*** Bug 34299 has been marked as a duplicate of this bug. ***
Comment 3 Arvid Requate univentionstaff 2015-08-17 16:41:42 CEST
Merged from 34299:

* CVE-2014-0128

Squid provides a feature to transparently decrypt/analyse SSL/TLS traffuic (called SSL bumping). This feature is susceptible by denial of service through malformed HTTPS requests.

The affected feature isn't enabled in the templates in univention-squid.
Comment 4 Arvid Requate univentionstaff 2015-08-17 16:44:33 CEST
All of the above issues are considered minor by Debian security.


New issue fixed in 3.1.6-1.2+squeeze5:

* Squid configured with cache_peer and operating on explicit proxy traffic does not correctly handle CONNECT method peer responses (CVE-2015-5400)
Comment 5 Daniel Tröder univentionstaff 2015-09-07 17:24:52 CEST
* squid3 3.1.6-1.2+squeeze5 has been imported and built in scope errata3.2-7.
* YAML (r63494): 2015-09-07-squid3.yaml
Comment 6 Janek Walkenhorst univentionstaff 2015-09-17 16:57:24 CEST
Advisory: OK
Tests (i386, amd64): OK
Comment 7 Janek Walkenhorst univentionstaff 2015-09-23 13:11:48 CEST
<http://errata.software-univention.de/ucs/3.2/368.html>