| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Apr 2013 17:15:00 +0200 From: security@...driva.com To: bugtraq@...urityfocus.com Subject: [ MDVSA-2013:129 ] squid -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:129 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : squid Date : April 10, 2013 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated squid packages fix security vulnerability: Due to missing input validation, the Squid cachemgr.cgi tool in Squid before 3.1.22 and 3.2.4 is vulnerable to a denial of service attack when processing specially crafted requests (CVE-2012-5643). It was discovered that the patch for CVE-2012-5643 was incorrect. A remote attacker could exploit this flaw to perform a denial of service attack (CVE-2013-0189). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5643 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0189 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0029 _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 03f4a33d16e0ccb13c2b825fa9739e3c mbs1/x86_64/squid-3.1.19-5.2.mbs1.x86_64.rpm 0844295e6c832b20b53a89a6570bd632 mbs1/x86_64/squid-cachemgr-3.1.19-5.2.mbs1.x86_64.rpm 721e597deda6926578f64dd31b0df387 mbs1/SRPMS/squid-3.1.19-5.2.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZVfUmqjQ0CJFipgRAnhlAJ9orRIWER7dyp+HiX7vCDKsHuQv9QCfXOiO vh6AUMKiHIKi6QunM9En6Yg= =RwvM -----END PGP SIGNATURE-----
Powered by blists - more mailing lists