Executive Summary
| Summary | |
|---|---|
| Title | New squid3 packages fix regression |
| Informations | |||
|---|---|---|---|
| Name | DSA-1843 | First vendor Publication | 2009-07-28 |
| Vendor | Debian | Last vendor Modification | 2009-08-09 |
| Severity (Vendor) | N/A | Revision | 2 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| It was discovered that squid3, a high-performance proxy caching server for web clients, is prone to several denial of service attacks. Due to incorrect bounds checking and insufficient validation while processing response and request data an attacker is able to crash the squid daemon via crafted requests or responses. This update to DSA-1843-1 includes updated upstream patches which add checks for a corner-case in which an incomplete server reply could also lead to denial of service conditions as well as more debugging information. The squid package in the oldstable distribution (etch) is not affected by this problem. For the stable distribution (lenny), this problem has been fixed in version 3.0.STABLE8-3+lenny2. For the testing distribution (squeeze), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 3.0.STABLE18-1. We recommend that you upgrade your squid3 packages. |
Original Source
| Url : http://www.debian.org/security/2009/dsa-1843 |
Alert History
| Date | Informations |
|---|---|
| 2016-04-26 21:39:23 |
|
| 2014-02-17 11:28:39 |
|
| 2013-05-11 00:43:26 |
|
