MGASA-2016-0133

Source
https://advisories.mageia.org/MGASA-2016-0133.html
Import Source
https://advisories.mageia.org/MGASA-2016-0133.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2016-0133
Related
Published
2016-04-06T14:09:53Z
Modified
2016-04-06T14:01:19Z
Summary
Updated squid packages fix security vulnerabilities
Details

Updated squid packages fix security vulnerabilities:

Due to a buffer overrun, the Squid pinger binary in Squid before 3.5.16 is vulnerable to a denial of service or information leak attack when processing ICMPv6 packets. This bug also permits the server response to manipulate other ICMP and ICMPv6 queries processing to cause information leaks (CVE-2016-3947).

Due to incorrect bounds checking, Squid before 3.5.16 is vulnerable to a denial of service attack when processing HTTP responses (CVE-2016-3948).

References
Credits

Affected packages

Mageia:5 / squid

Package

Name
squid
Purl
pkg:rpm/mageia/squid?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.5.16-1.mga5

Ecosystem specific

{
    "section": "core"
}