
SUSE-SU-2015:1983-1

Published: 13 Nov 2015
Source: suse-cvrf

Description

Security update for squid

squid was updated to fix two security issues.

These security issues were fixed:

  • CVE-2014-6270: Fixed an off-by-one error in the SNMP subsystem (bsc#895773).
  • CVE-2014-9749: Fixed a nonce replay vulnerability in Digest authentication (bsc#949942).

Package list

SUSE Linux Enterprise Server 11 SP3
squid-2.7.STABLE5-2.12.24.2
SUSE Linux Enterprise Server 11 SP3-TERADATA
squid-2.7.STABLE5-2.12.24.2
SUSE Linux Enterprise Server 11 SP4
squid-2.7.STABLE5-2.12.24.2
SUSE Linux Enterprise Server for SAP Applications 11 SP3
squid-2.7.STABLE5-2.12.24.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4
squid-2.7.STABLE5-2.12.24.2

Description (CVE-2014-6270)

Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.


Affected products
SUSE Linux Enterprise Server 11 SP3-TERADATA:squid-2.7.STABLE5-2.12.24.2
SUSE Linux Enterprise Server 11 SP3:squid-2.7.STABLE5-2.12.24.2
SUSE Linux Enterprise Server 11 SP4:squid-2.7.STABLE5-2.12.24.2
SUSE Linux Enterprise Server for SAP Applications 11 SP3:squid-2.7.STABLE5-2.12.24.2


Description (CVE-2014-9749)

Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."


Affected products
SUSE Linux Enterprise Server 11 SP3-TERADATA:squid-2.7.STABLE5-2.12.24.2
SUSE Linux Enterprise Server 11 SP3:squid-2.7.STABLE5-2.12.24.2
SUSE Linux Enterprise Server 11 SP4:squid-2.7.STABLE5-2.12.24.2
SUSE Linux Enterprise Server for SAP Applications 11 SP3:squid-2.7.STABLE5-2.12.24.2
