Описание
security update for squid
This update fixes the following issues:
- CVE-2018-1172: Squid Proxy Cache Denial of Service vulnerability (bsc#1090089).
Список пакетов
SUSE Linux Enterprise Server 12 SP3
squid-3.5.21-26.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
squid-3.5.21-26.9.1
Ссылки
- Link for SUSE-SU-2018:1122-1
- E-Mail link for SUSE-SU-2018:1122-1
- SUSE Security Ratings
- SUSE Bug 1090089
- SUSE CVE CVE-2018-1172 page
Описание
This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP3:squid-3.5.21-26.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3:squid-3.5.21-26.9.1
Ссылки
- CVE-2018-1172
- SUSE Bug 1090089