CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers.
Bug #907690 reported by
Mahyuddin Susanto
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
squid3 (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Lucid |
Fix Released
|
Undecided
|
Unassigned | ||
Maverick |
Fix Released
|
Undecided
|
Unassigned | ||
Natty |
Fix Released
|
Undecided
|
Unassigned | ||
Oneiric |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Description
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher
reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2
before 3.2.0.11 allows remote Gopher servers to cause a denial of service
(memory corruption and daemon restart) or possibly have unspecified other
impact via a long line in a response. NOTE: This issue exists because of a
CVE-2005-0094 regression.
References
http://
https:/
Patch: http://
Fixed in Version: Squid 3.0.STABLE26, 3.1.15, 3.2.0.11
Related branches
Changed in squid3 (Ubuntu): | |
status: | New → In Progress |
assignee: | nobody → Mahyuddin Susanto (udienz) |
Changed in squid3 (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in squid3 (Ubuntu): | |
status: | Triaged → New |
Changed in squid3 (Ubuntu): | |
status: | New → Fix Released |
description: | updated |
To post a comment you must log in.
Thanks for the debdiffs. Sorry for the delay in reviewing them.
ACK for maverick, natty and oneiric. They are being built now and will be released in a few hours.
NACK for lucid. There seems to be a line missing in the CVE-2011-3205 patch. Could you please check, and attach a fixed debdiff?
Thanks!