DSA-1991-1 squid/squid3 -- denial of serviceID: oval:org.secpod.oval:def:600134 | Date: (C)2011-01-28 (M)2023-11-09 |
Class: PATCH | Family: unix |
Two denial of service vulnerabilities have been discovered in squid and squid3, a web proxy. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2855 Bastian Blank discovered that it is possible to cause a denial of service via a crafted auth header with certain comma delimiters. CVE-2010-0308 Tomas Hoger discovered that it is possible to cause a denial of service via invalid DNS header-only packets. For the stable distribution , these problems have been fixed in version 2.7.STABLE3-4.1lenny1 of the squid package and version 3.0.STABLE8-3+lenny3 of the squid3 package. For the oldstable distribution , these problems have been fixed in version 2.6.5-6etch5 of the squid package and version 3.0.PRE5-5+etch2 of the squid3 package. For the testing distribution and the unstable distribution , these problems will be fixed soon. We recommend that you upgrade your squid/squid3 packages.
Platform: |
Debian 5.0 |
Debian 4.0 |