|
Message-ID: <56FEE67B.70507@treenet.co.nz>
Date: Sat, 2 Apr 2016 10:22:03 +1300
From: Amos Jeffries <squid3@...enet.co.nz>
To: oss-security@...ts.openwall.com
Subject: CVE Request: Squid HTTP Proxy
Hi,
1) A buffer overrun (on write(2)) has been found in Squid proxy 'pinger'
process that allows an attacker to craft ICMPv6 messages that will
either crash the child process (if the OS prootects against over-write)
or alter heap contents allowing the attacker to bypass CVE-2014-7142
protection and leak arbitrary heap data into the Squid log files. The
pinger is setuid root (though it does drop those privileges prior to
this attack being possible).
This was reported by Yuriy M. Kaminskiy.
Patch for this issue is available at:
<http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch>
The upstream advisory will be at this URL:
<http://www.squid-cache.org/Advisories/SQUID-2016_3.txt>
2) A secondary issue with the same Denial of Service effects as
CVE-2016-2569 has been found that is not covered by the existing fix.
All Squid-3.x versions up to and including 3.5.15, and 4.0.x versions up
to and including 4.0.7 are vulnerable to this issue independent of the
fix for CVE-2016-2569.
This was reported by Santiago R. Rincón of Debian.
Patch for this is available at:
<http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch>
The upstream advisory will be at this URL:
<http://www.squid-cache.org/Advisories/SQUID-2016_4.txt>
Both of these issues are resolved in the 4.0.8 and 3.5.16 packages which
will be available within 24hrs.
Amos Jeffries
Squid Software Foundation
Download attachment "signature.asc" of type "application/pgp-signature" (835 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.