ALT-PU-2016-1253-1
Closed vulnerabilities
Published: 2016-04-20
BDU:2016-01050
Уязвимость прокси-сервера Squid, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.3)
References:
Published: 2016-04-20
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-2390
The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.
Severity: MEDIUM (5.9)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://bugs.squid-cache.org/show_bug.cgi?id=4437
- http://bugs.squid-cache.org/show_bug.cgi?id=4437
- SUSE-SU-2016:1996
- SUSE-SU-2016:1996
- SUSE-SU-2016:2089
- SUSE-SU-2016:2089
- [squid-announce] 20160216 Squid 3.5.14 is available
- [squid-announce] 20160216 Squid 3.5.14 is available
- [squid-announce] 20160216 Squid 4.0.6 beta is available
- [squid-announce] 20160216 Squid 4.0.6 beta is available
- 1035045
- 1035045
- http://www.squid-cache.org/Advisories/SQUID-2016_1.txt
- http://www.squid-cache.org/Advisories/SQUID-2016_1.txt
Closed bugs
Ошибка при обновлении