diff options
author | delphij <delphij@FreeBSD.org> | 2010-02-02 04:25:56 +0800 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2010-02-02 04:25:56 +0800 |
commit | cb96bb9bca9929d9655e7663bcebe3512ebd2d85 (patch) | |
tree | 7e3a6cc851a26b8e0a43fc0d27fab80a75900843 /security | |
parent | c4921220e05de250b05afc5aa6739c1bbb96b03b (diff) | |
download | freebsd-ports-gnome-cb96bb9bca9929d9655e7663bcebe3512ebd2d85.tar.gz freebsd-ports-gnome-cb96bb9bca9929d9655e7663bcebe3512ebd2d85.tar.zst freebsd-ports-gnome-cb96bb9bca9929d9655e7663bcebe3512ebd2d85.zip |
Security patch for Squid advisory 2010:1, denial of service.
Submitted by: maintainer (Thomas-Martin Seck <tmseck web de>)
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b73bd29c4167..20b774cfff51 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,37 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="296ecb59-0f6b-11df-8bab-0019996bc1f7"> + <topic>squid -- Denial of Service vulnerability in DNS handling</topic> + <affects> + <package> + <name>squid</name> + <range><ge>2.7.1</ge><lt>2.7.7_3</lt></range> + <range><ge>3.0.1</ge><lt>3.0.22</lt></range> + <range><ge>3.1.0.1</ge><lt>3.1.0.16</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Squid security advisory 2010:1 reports:</p> + <blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2010_1.txt"> + <p>Due to incorrect data validation Squid is vulnerable to a denial + of service attack when processing specially crafted DNS packets.</p> + <p>This problem allows any trusted client or external server who can + determine the squid receiving port to perform a short-term denial + of service attack on the Squid service.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.squid-cache.org/Advisories/SQUID-2010_1.txt</url> + </references> + <dates> + <discovery>2010-01-14</discovery> + <entry>2010-02-01</entry> + </dates> + </vuln> + <vuln vid="696053c6-0f50-11df-a628-001517351c22"> <topic>bugzilla -- information leak</topic> <affects> |