MGASA-2013-0228

Source
https://advisories.mageia.org/MGASA-2013-0228.html
Import Source
https://advisories.mageia.org/MGASA-2013-0228.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2013-0228
Upstream
  • CVE-2013-4115
  • CVE-2013-4123
Published
2013-07-21T20:18:36Z
Modified
2026-04-16T06:25:58.294820597Z
Summary
Updated squid packages fix security vulnerabilities
Details

Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid service (CVE-2013-4115).

Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted HTTP requests. This problem allows any client who can generate HTTP requests to perform a denial of service attack on the Squid service (CVE-2013-4123).

Also, due to being renamed in Squid 3.2, the Squid external acl helpers for matching against IP addresses and LDAP groups were not selected to be built in the squid package for Mageia 3.

This has been corrected and these helpers are now included. Additionally, the helpers for eDirectory IP address lookups and matching LDAP groups using Kerberos credentials have also been included.

References
Credits

Affected packages

Mageia:3 / squid

Package

Name
squid
Purl
pkg:rpm/mageia/squid?arch=source&distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.10-1.4.mga3

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2013-0228.json"