SUSE-SU-2016:2089-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:2089-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2016:2089-1
- Related
- Published
- 2016-08-16T12:56:03Z
- Modified
- 2016-08-16T12:56:03Z
- Summary
- Security update for squid3
- Details
-
This update for squid3 fixes the following issues:
Multiple issues in pinger ICMP processing. (CVE-2014-7141, CVE-2014-7142)
CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing. (bsc#973782)
CVE-2016-4554: fix header smuggling issue in HTTP Request processing (bsc#979010)
Fix multiple Denial of Service issues in HTTP Response processing. (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc#968392, bsc#968393, bsc#968394, bsc#968395)
Regression caused by the DoS fixes above (bsc#993299)
CVE-2016-3948: Fix denial of service in HTTP Response processing (bsc#973783)
CVE-2016-4051: fixes buffer overflow in cachemgr.cgi (bsc#976553)
CVE-2016-4052, CVE-2016-4053, CVE-2016-4054:
- fixes multiple issues in ESI processing (bsc#976556)
CVE-2016-4556: fixes double free vulnerability in Esi.cc (bsc#979008)
CVE-2015-5400: Improper Protection of Alternate Path (bsc#938715)
CVE-2014-6270: fix off-by-one in snmp subsystem (bsc#895773)
Memory leak in squid3 when using external_acl (bsc#976708)
- References
-
- https://www.suse.com/support/update/announcement/2016/suse-su-20162089-1/
- https://bugzilla.suse.com/895773
- https://bugzilla.suse.com/902197
- https://bugzilla.suse.com/938715
- https://bugzilla.suse.com/963539
- https://bugzilla.suse.com/967011
- https://bugzilla.suse.com/968392
- https://bugzilla.suse.com/968393
- https://bugzilla.suse.com/968394
- https://bugzilla.suse.com/968395
- https://bugzilla.suse.com/973782
- https://bugzilla.suse.com/973783
- https://bugzilla.suse.com/976553
- https://bugzilla.suse.com/976556
- https://bugzilla.suse.com/976708
- https://bugzilla.suse.com/979008
- https://bugzilla.suse.com/979009
- https://bugzilla.suse.com/979010
- https://bugzilla.suse.com/979011
- https://bugzilla.suse.com/993299
- https://www.suse.com/security/cve/CVE-2011-3205
- https://www.suse.com/security/cve/CVE-2011-4096
- https://www.suse.com/security/cve/CVE-2012-5643
- https://www.suse.com/security/cve/CVE-2013-0188
- https://www.suse.com/security/cve/CVE-2013-4115
- https://www.suse.com/security/cve/CVE-2014-0128
- https://www.suse.com/security/cve/CVE-2014-6270
- https://www.suse.com/security/cve/CVE-2014-7141
- https://www.suse.com/security/cve/CVE-2014-7142
- https://www.suse.com/security/cve/CVE-2015-5400
- https://www.suse.com/security/cve/CVE-2016-2390
- https://www.suse.com/security/cve/CVE-2016-2569
- https://www.suse.com/security/cve/CVE-2016-2570
- https://www.suse.com/security/cve/CVE-2016-2571
- https://www.suse.com/security/cve/CVE-2016-2572
- https://www.suse.com/security/cve/CVE-2016-3947
- https://www.suse.com/security/cve/CVE-2016-3948
- https://www.suse.com/security/cve/CVE-2016-4051
- https://www.suse.com/security/cve/CVE-2016-4052
- https://www.suse.com/security/cve/CVE-2016-4053
- https://www.suse.com/security/cve/CVE-2016-4054
- https://www.suse.com/security/cve/CVE-2016-4553
- https://www.suse.com/security/cve/CVE-2016-4554
- https://www.suse.com/security/cve/CVE-2016-4555
- https://www.suse.com/security/cve/CVE-2016-4556
Affected packages
SUSE:Linux Enterprise Server 11 SP4 / squid3
Package
- Name
- squid3
- Purl
- purl:rpm/suse/squid3&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4