drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in Squid
Name: |
Denial of Service in Squid |
|
ID: |
DSA-3522-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian wheezy, Debian jessie, Debian stretch |
|
Datum: |
So, 20. März 2016, 20:10 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2571 |
|
Applikationen: |
Squid |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3522-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 20, 2016 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : squid3 CVE ID : CVE-2016-2571
Alex Rousskov from The Measurement Factory discovered that Squid3, a fully featured web proxy cache, does not properly handle errors for certain malformed HTTP responses. A remote HTTP server can exploit this flaw to cause a denial of service (assertion failure and daemon exit).
For the oldstable distribution (wheezy), this problem has been fixed in version 3.1.20-2.2+deb7u4.
For the stable distribution (jessie), this problem has been fixed in version 3.4.8-6+deb8u2.
For the testing distribution (stretch), this problem has been fixed in version 3.5.15-1.
For the unstable distribution (sid), this problem has been fixed in version 3.5.15-1.
We recommend that you upgrade your squid3 packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJW7u2FAAoJEAVMuPMTQ89EOK0P/0TbA7BCPxKg1RnG/PYs5Zv5 lXtOCE5KH+eGMSHd+QqyU6fsCyogMZEIA0MGqjLZiHjfyNaFZHmhGvKALl3A3ONt RM8f0GYnlm5P77gmY+svY83h1g+bn+gCQZbv1Wo9FDpa/NB6WnpKfAt926ufFuAT ybf5/KHF6tpJwlA0NWbywIX5HldpJet54fllgpfbuQYTDp8hoqSgTtAQCvDtS2+w Ay0SO6O00B2ccPYpB4LEZ5JiCn5IOxKZs7xSyfezlouNDehk+/xmbWDCPtMO40dg dpnqi117VcAsmpbgeautJU7CTpSsjrMOj37QvoPJXXrrC0vvqhLz+LXYNRMhFWWH SdkWPRLEBvRExqzPJTRgGh+EvZdfk418jLXMPb6ZkEpApMHVEsRVawcUAMc3b4/t aXs4uG56qy1RnpT37+EkQ21s70W/wGRo3T43SFCEZjXF8Km+Wj0adGMmaDlh3hSx gm3HLOMetn/lz1CGG+HkyjGXJ1g/3ONQC9gGATg0RIGWD57q7nayAW1tsihN4Ygu 71cAQY2KcYEO0tPCYYl/4s6AGlW1+RCVFIpwhyACtYwPV4mFlaHTsWDMxMRxTu1N r70Ek8ki/S/2ikvR9mrr7YjvAdSBwbklT7H7gYxcj1cjTq/r+UP7A4nc1oTM2vmU 0KQVoVv5QI/SUrxiCDHU =OnMJ -----END PGP SIGNATURE-----
|
|
|
|