Branch sisyphus update bulletin.

Package squid updated to version 3.4.4.2-alt1 for branch sisyphus in task 118769.

Published: 2014-08-28

BDU:2015-00690

Уязвимость программного обеспечения Squid HTTP Proxy Server, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (5.0)

References:

Published: 2014-09-12

BDU:2015-00691

Уязвимость программного обеспечения Squid HTTP Proxy Server, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.8)

References:

Published: 2014-09-11

BDU:2015-04283

Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (5.0)

References:

CVE-2014-3609

Published: 2016-02-27

BDU:2016-00731

Уязвимость прокси-сервера Squid, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.0)

References:

CVE-2016-2571

Published: 2016-02-27

BDU:2016-00732

Уязвимость прокси-сервера Squid, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.0)

References:

CVE-2016-2570

Published: 2016-02-27

BDU:2016-00733

Уязвимость прокси-сервера Squid, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.0)

References:

CVE-2016-2569

Published: 2014-09-11
Modified: 2024-11-21

CVE-2014-3609

HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."

Severity: MEDIUM (5.0)

References:

Published: 2014-09-12
Modified: 2024-11-21

CVE-2014-6270

Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.

Severity: MEDIUM (6.8)

References:

Published: 2014-11-26
Modified: 2024-11-21

CVE-2014-7141

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.

Severity: MEDIUM (6.4)

References:

Published: 2014-11-26
Modified: 2024-11-21

CVE-2014-7142

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

Severity: MEDIUM (6.4)

References:

Published: 2015-11-07
Modified: 2024-11-21

CVE-2014-9749

Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."

Severity: MEDIUM (4.0)

References:

Published: 2015-05-18
Modified: 2024-11-21

CVE-2015-3455

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.

Severity: LOW (2.6)

References:

Published: 2017-01-27
Modified: 2024-11-21

CVE-2016-10002

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2016-02-27
Modified: 2024-11-21

CVE-2016-2569

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2016-02-27
Modified: 2024-11-21

CVE-2016-2570

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2016-02-27
Modified: 2024-11-21

CVE-2016-2571

http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2016-04-07
Modified: 2024-11-21

CVE-2016-3948

Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package kernel-image-std-def updated to version 3.12.18-alt1 for branch sisyphus in task 118778.

Published: 2014-03-11

BDU:2015-05685

Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05686

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05687

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05688

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05689

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05690

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05691

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05692

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05693

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05694

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05695

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05696

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05697

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05698

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05699

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05700

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05701

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05702

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05703

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05704

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05705

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05706

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05707

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05708

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05709

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05710

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05711

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05712

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05713

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05714

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05715

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05716

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05717

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05718

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05719

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05720

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05721

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05722

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05723

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05724

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05725

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05726

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05727

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05728

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05729

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05730

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05731

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05732

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05733

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05734

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05735

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05736

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05737

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05738

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05739

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05740

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05741

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05742

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05743

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05744

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05745

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05746

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05747

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05748

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05749

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05750

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05751

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05752

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05753

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05754

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05755

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05756

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05757

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05758

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05759

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05760

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05761

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05762

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05763

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05764

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05765

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05766

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05767

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05768

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05769

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05770

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05771

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05772

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05773

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05774

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05775

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05776

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05777

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05778

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05779

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05780

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05781

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05782

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05783

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05784

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05785

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05786

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05787

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05788

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05789

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05790

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05791

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05792

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05793

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05794

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05795

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05796

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05797

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05798

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05799

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05800

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05801

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05802

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05803

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05804

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05805

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05806

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05807

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05808

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05809

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05810

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05811

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05812

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05813

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05814

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05815

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05816

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05817

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05818

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05819

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05820

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05821

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05822

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05823

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05824

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05825

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05826

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05827

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05828

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05829

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05830

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05831

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05832

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05833

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05834

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05835

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05836

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05837

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05838

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05839

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05840

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05841

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05842

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05843

Severity: CRITICAL (9.3)

References:

Published: 2014-03-11
Modified: 2024-11-21

CVE-2014-0100

Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system with a heavy CPU load.

Severity: CRITICAL (9.3)

References:

Published: 2015-03-16
Modified: 2024-11-21

CVE-2014-8172

The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations.

Severity: MEDIUM (4.9)

References:

Package krb5 updated to version 1.12-alt2 for branch sisyphus in task 118640.

Published: 2013-12-16

BDU:2015-09675

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (9.3)

References:

Published: 2013-11-20
Modified: 2024-11-21

CVE-2013-1417

do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.

Severity: LOW (3.5)

References:

Version: 2.1.0

ALT-BU-2014-2733-1

Closed vulnerabilities

Closed vulnerabilities