Описание
Security update for squid3
This update for squid3 fixes the following issues:
- CVE-2018-1172: Fixed a DoS caused by incorrect handling of ESI responses. (bsc#1090089, SQUID-2018:3)
Список пакетов
SUSE Linux Enterprise Server 11 SP4
squid3-3.1.23-8.16.37.6.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
squid3-3.1.23-8.16.37.6.1
Ссылки
- Link for SUSE-SU-2018:1365-1
- E-Mail link for SUSE-SU-2018:1365-1
- SUSE Security Ratings
- SUSE Bug 1090089
- SUSE CVE CVE-2018-1172 page
Описание
This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:squid3-3.1.23-8.16.37.6.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:squid3-3.1.23-8.16.37.6.1
Ссылки
- CVE-2018-1172
- SUSE Bug 1090089