Launchpad CVE tracker

CVE 2014-7141

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.

Related bugs and status

CVE-2014-7141 (Candidate) is related to these bugs:

Bug #1214379: pinger crashed with SIGSEGV in malloc_consolidate()

Summary				In	Importance	Status
	1214379	pinger crashed with SIGSEGV in malloc_consolidate()		squid3 (Ubuntu)	Medium	Fix Released
	1214379	pinger crashed with SIGSEGV in malloc_consolidate()		Squid	Unknown	Unknown

Bug #1384943: [SRU] Pinger crashes with segfault in libc

		In	Importance	Status
1384943	[SRU] Pinger crashes with segfault in libc	squid3 (Ubuntu)	Undecided	Fix Released
1384943	[SRU] Pinger crashes with segfault in libc	squid3 (Ubuntu Trusty)	Undecided	Fix Released
1384943	[SRU] Pinger crashes with segfault in libc	squid3 (Ubuntu Utopic)	Undecided	Fix Released

Bug #1473691: [FFe] squid: Update to latest upstream release (3.5)

Summary				In	Importance	Status
	1473691	[FFe] squid: Update to latest upstream release (3.5)		squid3 (Ubuntu)	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-7141

References