openSUSE-SU-2018:1135-1

Опубликовано: 03 мая 2018

Источник: suse-cvrf

Описание

Security update for squid

This update fixes the following issues:

CVE-2018-1172: Squid Proxy Cache Denial of Service vulnerability (bsc#1090089).

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Список пакетов

openSUSE Leap 42.3

squid-3.5.21-15.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2018-05/msg00006.html
E-Mail link for openSUSE-SU-2018:1135-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.

Затронутые продукты

openSUSE Leap 42.3:squid-3.5.21-15.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-1172.html
CVE-2018-1172
https://bugzilla.suse.com/1090089
SUSE Bug 1090089

openSUSE-SU-2018:1135-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2018-1172

Описание

Затронутые продукты

Ссылки