diff options
| author | junovitch <junovitch@FreeBSD.org> | 2016-02-28 08:50:12 +0800 |
|---|---|---|
| committer | junovitch <junovitch@FreeBSD.org> | 2016-02-28 08:50:12 +0800 |
| commit | d2067c0d807cb070b104ab3935c5528a72997b3d (patch) | |
| tree | c36f66ac1f6770cbecd6a75b936c7edaa304ee4c /security | |
| parent | e8f4180923d52036c9c64362ef664dfba257f845 (diff) | |
| download | freebsd-ports-gnome-d2067c0d807cb070b104ab3935c5528a72997b3d.tar.gz freebsd-ports-gnome-d2067c0d807cb070b104ab3935c5528a72997b3d.tar.zst freebsd-ports-gnome-d2067c0d807cb070b104ab3935c5528a72997b3d.zip | |
Revise Squid entry with CVE assignment and SQUID-2016:2 advisory reference
PR: 207454
Reported by: Pavel Timofeev <timp87@gmail.com>
Security: CVE-2016-2569
Security: CVE-2016-2570
Security: CVE-2016-2571
Security: https://vuxml.FreeBSD.org/freebsd/660ebbf5-daeb-11e5-b2bd-002590263bf5.html
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index e9994b4d0e96..5f40b24cba55 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -418,25 +418,31 @@ Notes: </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Amos Jeffries reports:</p> - <blockquote cite="http://www.openwall.com/lists/oss-security/2016/02/24/12"> - <p>The proxy contains a String object class with 64KB content limits. - Some code paths do not bounds check before appending to these - String and overflow leads to an assertion which terminates all - client transactions using the proxy, including those unrelated to - the limit being exceeded.</p> - <p>Error handling for malformed HTTP responses can lead to a second - assertion with the same effects as the first issue.</p> + <p>Squid security advisory 2016:2 reports:</p> + <blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"> + <p>Due to incorrect bounds checking Squid is vulnerable to a denial + of service attack when processing HTTP responses.</p> + <p>These problems allow remote servers delivering certain unusual + HTTP response syntax to trigger a denial of service for all + clients accessing the Squid service.</p> + <p>HTTP responses containing malformed headers that trigger this + issue are becoming common. We are not certain at this time if + that is a sign of malware or just broken server scripting.</p> </blockquote> </body> </description> <references> + <cvename>CVE-2016-2569</cvename> + <cvename>CVE-2016-2570</cvename> + <cvename>CVE-2016-2571</cvename> <freebsdpr>ports/207454</freebsdpr> + <url>http://www.squid-cache.org/Advisories/SQUID-2016_2.txt</url> <url>http://www.openwall.com/lists/oss-security/2016/02/24/12</url> </references> <dates> <discovery>2016-02-24</discovery> <entry>2016-02-24</entry> + <modified>2016-02-28</modified> </dates> </vuln> |