CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that only contains header in lucid series
Bug #907686 reported by Mahyuddin Susanto
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
squid3 (Ubuntu) | Fix Released | High | Unassigned |
Lucid | Fix Released | Undecided | Unassigned |
Maverick | Fix Released | Undecided | Unassigned |
Natty | Fix Released | Undecided | Unassigned |
Oneiric | Fix Released | Undecided | Unassigned |
Bug Description
Description:
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through
3.1.0.15 allows remote attackers to cause a denial of service (assertion
failure) via a crafted DNS packet that only contains a header.
References
http://
http://
http://
Upstream patch:
http://
Changed in squid3 (Ubuntu):
status: New → In Progress
assignee: nobody → Mahyuddin Susanto (udienz)
security vulnerability: no → yes
Changed in squid3 (Ubuntu):
assignee: Mahyuddin Susanto (udienz) → nobody
status: In Progress → New
Changed in squid3 (Ubuntu):
status: New → Triaged
importance: Undecided → High
Changed in squid3 (Ubuntu Maverick):
status: New → Fix Released
Changed in squid3 (Ubuntu Natty):
status: New → Fix Released
Changed in squid3 (Ubuntu Oneiric):
status: New → Fix Released
Changed in squid3 (Ubuntu):
status: Triaged → Fix Released
This bug was fixed in the package squid3 - 3.0.STABLE19-1ubuntu0.2
---------------
squid3 (3.0.STABLE19-1ubuntu0.2) lucid-security; urgency=low
  * SECURITY UPDATE: Fix DoS (assertion failure) via a crafted DNS packet
    that only contains header. (LP: #907686)
    - debian/patches/CVE-2010-0308.dpatch: patch derived from upstream.
    - CVE-2010-0308
  * SECURITY UPDATE: Fix DoS (NULL pointer dereference and daemon crash) via
    crafted packets to the HTCP port. (LP: #907690)
    - debian/patches/CVE-2010-0639.dpatch: patch derived from upstream.
    - CVE-2010-0639
  * SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or possibly
    have unspecified other impact via a long line in a response by remote
    Gopher servers. (LP: #907687)
    - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream.
    - CVE-2011-3205
 -- Mahyuddin Susanto <email address hidden> Wed, 18 Jan 2012 12:46:59 +0700