Date: Mon, 27 Jul 2009 10:18:50 -0600
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Subject: squid 3.x vulnerabilities

There are some security vulnerabilities in squid 3.x that have been fixed today:

http://www.squid-cache.org/Advisories/SQUID-2009_2.txt

Specifically:

Due to incorrect buffer limits and related bound checks Squid is vulnerable to a denial of service attack when processing specially crafted requests or responses.

Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted responses.

Patches are linked to from the advisory.

No CVE names look to be assigned; can we get some? I think we probably need two CVE names here.

Thanks.

--
Vincent Danen / Red Hat Security Response Team