Bugzilla – Bug 677335
VUL-0: CVE-2011-1098: logrotate: issues with service owned directories
Last modified: 2017-11-01 15:35:32 UTC
Your friendly security team received the following report via oss-security. Please respond ASAP. The issue is public.

Using a log directory that is writeable by the unprivileged user of the service may lead to problems with logrotate. It is questionable whether this actually is the fault of logrotate, the fault of the service, or a packaging bug.

------------------------------------------------------------------------------
Date: Fri, 04 Mar 2011 15:08:31 +0100
From: Jan Lieskovsky <jlieskov@redhat.com>
Subject: [oss-security] CVE Request -- logrotate -- nine issues

Hello Josh, Steve, vendors,

we have been contacted by Stefan Fritsch of the Debian Security Team about the presence of nine security flaws in the logrotate utility (the list is provided below). These issues have been discovered by Florian Zumbiehl, some by Paul Martin (the Debian logrotate maintainer) and Stefan Fritsch in the subsequent discussion.

Could you allocate CVE ids for these issues?

Note: We would appreciate if it would be possible to allocate nine CVE ids (even though the requested amount is high), because a later merge of some issues into one could bring yet more confusion about what the issues are and what the corresponding patches would be (thus potentially even more CVEs needed later due to incomplete patches etc). This way the flaws are separated by impact / relevant affected code part.

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

P.S.: Apologies for such a long post, but there wasn't any other way to share all the information at once.

===============================================================================

1) Issue #1: logrotate: TOCTOU race condition by creating the compressed or copied log file (information disclosure)

A file access race condition (time-of-check, time-of-use, TOCTOU race condition) was found in the way logrotate determines the permissions of newly created files when compression or copying of a log file has been requested. If the logrotate utility was run on a log file contained within an attacker controllable directory, a local attacker could use this flaw to trick the logrotate utility into creating the compressed or copied file with user selected permissions, potentially leading to disclosure of sensitive information.

References:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=680787
Source code background (issue reason):
[2] https://bugzilla.redhat.com/show_bug.cgi?id=680787#c4

Note: First CVE required.
-----------

2) Issue #2: logrotate: Race condition by creation of new files after renaming the previous version if compression or copy creation requested (arbitrary system file integrity corruption)

A race condition was found in the way the logrotate utility created new files after renaming the previous version if compression or creation of a copy was requested in the configuration file. If the logrotate utility was run on a log file contained within an attacker controllable directory, a local attacker could use this flaw to trick the logrotate utility into replacing arbitrary system files (if logrotate was run under a privileged user account, root) with the copied or compressed contents of a log file.

References:
[3] https://bugzilla.redhat.com/show_bug.cgi?id=680789
Source code background (issue reason):
[4] https://bugzilla.redhat.com/show_bug.cgi?id=680789#c7
Proposed patch:
[5] https://bugzilla.redhat.com/show_bug.cgi?id=680789#c3

Note: Second CVE required.
----------

3) Issue #3: logrotate: TOCTOU race condition by creation of log files after rotation (ability to change file owner / mode on arbitrary system files)

A file access race condition (time-of-check, time-of-use, TOCTOU race condition) was found in the way the logrotate utility created the log files after rotation, when their immediate creation ("create" configuration option) was requested. A local attacker could use this flaw to change the file owner or mode on arbitrary system files to the file owner and mode specified in logrotate's configuration (if the logrotate utility was run under a privileged user, root, and logrotate was run on an attacker controllable directory).

References:
[6] https://bugzilla.redhat.com/show_bug.cgi?id=680790
Source code background (issue reason):
[7] https://bugzilla.redhat.com/show_bug.cgi?id=680790#c3

Note: Third CVE required.
----------

4) Issue #4: logrotate: Incorrect flags used for truncating of original log file in copytruncate mode (arbitrary file system truncation via symlink / hardlink attacks)

It was found that the logrotate utility used incorrect flags for truncation of the original log file in place after creating a copy (copytruncate mode). A local attacker could use this flaw to truncate an arbitrary system file (if the logrotate utility was run under a privileged user account, root) by performing symlink or hardlink attacks.

References:
[8] https://bugzilla.redhat.com/show_bug.cgi?id=680792

Note: Fourth CVE required.
------------

5) Issue #5: logrotate: Information disclosure by performing email notifications

An information disclosure flaw was found in the way the logrotate utility performed email notifications about rotating of out of existence log files. A local attacker could use this flaw to conduct symlink or hardlink attacks and send arbitrary system files (if the logrotate utility was run under a privileged system user, root) to the selected email recipient.

References:
[9] https://bugzilla.redhat.com/show_bug.cgi?id=680795

Note: Fifth CVE required.
----------

6) Issue #6: logrotate: Shell command injection by using the shred configuration directive

A shell command injection flaw was found in the way the logrotate utility handled the shred configuration directive (intended to ensure the log files are not readable after their scheduled deletion). A local attacker could use this flaw to execute arbitrary system commands (if logrotate was run under a privileged system user account, root) when the logrotate utility was run on a log file within an attacker controllable directory.

References:
[10] https://bugzilla.redhat.com/show_bug.cgi?id=680796
Proposed patch:
[11] https://bugzilla.redhat.com/show_bug.cgi?id=680796#c5

Note: Sixth CVE required. The shred option has been introduced in logrotate v3.7.5.
----------

7) Issue #7: logrotate: DoS due to improper escaping of file names within 'write state' action

A denial of service flaw was found in the way the logrotate utility performed argument sanitization when performing the 'write state' action. A local attacker could use this flaw to cause an abort in subsequent logrotate runs via a specially-crafted log file name.

References:
[12] https://bugzilla.redhat.com/show_bug.cgi?id=680797
Proposed patch:
[13] https://bugzilla.redhat.com/show_bug.cgi?id=680797#c3

Note: Seventh CVE required.
----------

[editor's note: will file #8 as separate bug]
----------

9) Issue #9: logrotate: Improper administration of log files located in world-writable directories

A security flaw was found in the way the logrotate utility performed administration of log files located in group / world writable directories. A local attacker could use this flaw to disclose sensitive information, execute arbitrary code or cause a denial of service, via unintended / unprivileged later modifications of the log file directory in question.

Different vulnerability than:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=680787 (Issue #1),
[2] https://bugzilla.redhat.com/show_bug.cgi?id=680789 (Issue #2),
[3] https://bugzilla.redhat.com/show_bug.cgi?id=680790 (Issue #3),
[4] https://bugzilla.redhat.com/show_bug.cgi?id=680792 (Issue #4),
[5] https://bugzilla.redhat.com/show_bug.cgi?id=680795 (Issue #5),
[6] https://bugzilla.redhat.com/show_bug.cgi?id=680796 (Issue #6),
[7] https://bugzilla.redhat.com/show_bug.cgi?id=680797 (Issue #7), and
[8] https://bugzilla.redhat.com/show_bug.cgi?id=680798 (Issue #8).

References:
[16] https://bugzilla.redhat.com/show_bug.cgi?id=680799

Note: Ninth CVE required.
===============================================================================
Affected packages in Factory:
- cobbler
- inn/klogd (/etc/logrotate.d/syslog rotates /var/log/news/news*)
- safte-monitor
- uucp

Service-owned log dirs without logrotate:
- cups
- horde

Explanation by Solar of why service-owned log dirs are bad: http://article.gmane.org/gmane.comp.security.oss.general/4404
Hmmm ... AFAIK most system admins do not use a simple cat to have a look into log files, do they? That is, the content of those log files should not matter even if escape/control sequences are included. The symlink attack could be a problem if an attacker obtains the user/group ownership of the appropriate service. AFAIK logrotate creates the file before it changes to the specified user/group ownership.
*** Bug 675496 has been marked as a duplicate of this bug. ***
From the discussion between [*] Solar Designer and others I understood that the consensus is that these issues (except #8, bug 677336) should be fixed in the affected services and logrotate hardly can/should do anything about it (perhaps except refusing to process logs in a directory writable by non-root users, which is rather a long-term solution).

[*] http://thread.gmane.org/gmane.comp.security.oss.general/4381

Therefore, I would suggest filing bug reports against the individual affected service packages. Ludwig, what do you think?
yes, that's the plan
I've split off #6 and #7 as separate bugs to be fixed in logrotate
p5->p3 mass change
CVE-2011-1098 logrotate: TOCTOU race condition by creation of new files (between opening the file and the moment final permissions have been applied) [information disclosure]
CVE-2011-1154 logrotate: Shell command injection by using the shred configuration
CVE-2011-1155 logrotate: DoS due to improper escaping of file names within 'write state'

CVE-2011-1098: CVSS v2 Base Score: 1.9 (LOW) (AV:L/AC:M/Au:N/C:P/I:N/A:N): Race Conditions (CWE-362)
CVE-2011-1154: CVSS v2 Base Score: 6.9 (MEDIUM) (AV:L/AC:M/Au:N/C:C/I:C/A:C): Input Validation (CWE-20)
CVE-2011-1155: CVSS v2 Base Score: 1.9 (LOW) (AV:L/AC:M/Au:N/C:N/I:N/A:P): Resource Management Errors (CWE-399)
Unfortunately this seems to be a never-ending story. Fixing the problem in packages doesn't work well, as maintainers just don't get it. Can we apply defensive measures in logrotate please?

I walked through the thread on oss-sec. However, I'm not sure what exactly you mean by the "defensive measure in logrotate"? And for which issue, #9?

Issue #9: logrotate: Improper administration of log files located in world-writable directories

There's the new "su" option, developed as a result of that discussion. I guess that's what the maintainers should use, but they usually don't. Do you want something like forcing logrotate to switch user to the directory owner when rotating files in there?
Reading the commit log of logrotate indicates that it's doing exactly that. It refuses to rotate logs in world or group != root writable directories without the 'su' directive. Applying that patch to production systems is probably too risky as logrotate might refuse to rotate logs without the admin noticing. So what about making logrotate only issue the warning message but rotate anyways? That way the admin hopefully notices sooner or later and can change his logrotate configs. Also, packages can use the 'su' directive then. There are also other related fixes in logrotate AFAICS, such as using O_EXCL instead of O_TRUNC.
The O_TRUNC issues (CVE-2011-1098) were already fixed by Petr. And I can add the warning.
Factory and 12.1 already contain the latest logrotate 3.8.1, which is skipping the world or group writable directories. So no warning for these.
The SWAMPID for this issue is 45132. This issue was rated as moderate. Please submit fixed packages until 2012-02-07. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Unfortunately the su option is no silver bullet either. Scripts such as the postrotate scripts are run with that uid too, so e.g. signaling a daemon doesn't work anymore then.

Created attachment 472855: patch proposal for sle10

Fortunately bash does setuid(getuid()) if uid != euid, which is how logrotate calls /bin/sh.
upstream has accepted a forward port of the patch
requesting maintenance update
The SWAMPID for this issue is 45258. This issue was rated as moderate. Please submit fixed packages until 2012-02-14. Also create a patchinfo file using this link: https://swamp.suse.de/webswamp/wf/45258
This is an autogenerated message for OBS integration: This bug (677335) was mentioned in https://build.opensuse.org/request/show/102279 11.4 / logrotate
This is an autogenerated message for OBS integration: This bug (677335) was mentioned in https://build.opensuse.org/request/show/102389 12.1 / logrotate
The new logrotate causes errors like:

error: "/var/log/news" has insecure permissions. It must be owned and be writable by root only to avoid security issues. Please fix the directory permissions or set the "su" directive in the config file.

Shouldn't the config files in /etc/logrotate.d/* also be upgraded to include the "su" option, e.g. also update the syslog-service package?
Yes, this was exactly Ludwig's plan, to force packagers to fix their logrotate files.
This is an autogenerated message for OBS integration: This bug (677335) was mentioned in https://build.opensuse.org/request/show/106418 Factory / rpmlint
The SWAMPID for this issue is 45778. This issue was rated as low. Please submit fixed packages until 2012-03-26. Also create a patchinfo file using this link: https://swamp.suse.de/webswamp/wf/45778
Update released for: logrotate, logrotate-debuginfo, logrotate-debugsource Products: openSUSE 11.4 (debug, i586, x86_64)
Update released for: logrotate Products: SUSE-CORE 9-SP3-TERADATA (x86_64)
Update released for: logrotate, logrotate-debuginfo Products: SLE-SERVER 10-SP3-TERADATA (x86_64)
Update released for: logrotate, logrotate-debuginfo Products: SLE-DEBUGINFO 10-SP4 (i386, ia64, ppc, s390x, x86_64) SLE-DESKTOP 10-SP4 (i386, x86_64) SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Update released for: logrotate, logrotate-debuginfo, logrotate-debugsource Products: SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP1 (i386, x86_64) SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1-TERADATA (x86_64) SLES4VMWARE 11-SP1 (i386, x86_64)
logrotate updates were released for all maintained distributions. The update introduces stricter checks on the log directories to thwart known symlink tricks. The update also backports the 'su' option, which makes logrotate switch its euid when rotating logs, as well as running external helpers such as (de)compressors, as the specified user. As a consequence logrotate now complains if a log directory is not owned by root but the 'su' option is missing in the config.

Best practice for a fix to get rid of the warning is to make the log directory root-owned if possible. In cases where that's not possible as part of a maintenance update for some reason, the 'su' option can be added to logrotate's config file. There is no urgent need to update all the affected packages immediately; any future update should include the necessary fixes though.

CVE-2011-1550 can be referred to when adding a 'su' option or changing log directory permissions in a package.
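The following script is an added example, not logrotate's or SUSE's own code. It reproduces, as a packaging-audit check, the rule the updated logrotate enforces in the error quoted earlier in this bug (a log directory must be root-owned and writable by root only unless the stanza carries a 'su' directive), and shows the weak configuration beside the corrected one. The sample config, the sandbox directories and the names svcuser/svcgroup are constructed placeholders; the script assumes GNU coreutils stat (-c) and a POSIX awk, and handles stanzas listing several space-separated paths before the opening brace.

```shell
#!/bin/sh
# Added example (not part of the bug or of logrotate): audit logrotate stanzas
# for log directories that the post-CVE-2011-1098 logrotate would reject.
set -eu

# Print "path<TAB>su|nosu" for every log path of every stanza in a config file.
stanzas() {
    awk '
        /^[[:space:]]*#/ { next }                         # skip comment lines
        /[{][[:space:]]*$/ {                               # "/path/a.log /path/b.log {" opens a stanza
            sub(/[[:space:]]*[{][[:space:]]*$/, "")
            sub(/^[[:space:]]+/, "")
            paths = $0; su = "nosu"; next
        }
        /^[[:space:]]*su[[:space:]]/ { su = "su"; next }    # "su user group" inside the stanza
        /^[[:space:]]*[}]/ {                               # "}" closes it: one line per path
            n = split(paths, p, /[[:space:]]+/)
            for (i = 1; i <= n; i++) printf "%s\t%s\n", p[i], su
            paths = ""
        }
    ' "$1"
}

# Print every log directory that is insecure by logrotate'"'"'s rule (owner uid != 0,
# or group/other write bit set) and whose stanza has no "su" directive.
audit_config() {
    conf=$1
    stanzas "$conf" | while IFS="$(printf '\t')" read -r pattern su; do
        dir=$(dirname "$pattern")
        [ -d "$dir" ] || continue
        set -- $(stat -c '%u %a' "$dir")   # owner uid and octal mode, e.g. "1000 777"
        uid=$1; mode=$2
        # 0$mode makes the shell read the mode as octal; 022 masks g+w and o+w.
        if [ "$uid" -ne 0 ] || [ $(( 0$mode & 022 )) -ne 0 ]; then
            [ "$su" = "su" ] || printf '%s\n' "$dir"
        fi
    done
}

# --- constructed sandbox: two world-writable log directories -----------------
SANDBOX=$(mktemp -d)
trap 'rm -rf "$SANDBOX"' EXIT
mkdir -p "$SANDBOX/insecure" "$SANDBOX/withsu"
chmod 0777 "$SANDBOX/insecure" "$SANDBOX/withsu"

# Stanza 1 is the weak setting this bug is about: a service-writable directory
# rotated as root. Stanza 2 is the fix the thread recommends when the directory
# cannot be made root-owned: the 'su' directive (svcuser/svcgroup are placeholders).
cat > "$SANDBOX/logrotate.conf" <<EOF
# constructed sample config
$SANDBOX/insecure/service.log {
    weekly
    rotate 4
    compress
}

$SANDBOX/withsu/service.log {
    su svcuser svcgroup
    weekly
    rotate 4
    compress
}
EOF

audit_config "$SANDBOX/logrotate.conf"   # prints only $SANDBOX/insecure
```

Run it against /etc/logrotate.conf or a file under /etc/logrotate.d/ to get the list of stanzas a packager still has to fix; as noted above in the thread, prefer a root-owned directory where possible, since with 'su' the postrotate scripts also run as that user.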
The SWAMPID for this issue is 45959. This issue was rated as low. Please submit fixed packages until 2012-04-05. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Update released for: snort Products: SUSE-CORE 9-SP3-TERADATA (x86_64)
Update released for: res-signingkeys, smt, smt-client, smt-debuginfo, smt-debugsource, smt-support Products: SLE-DESKTOP 11-SP1 (i386, x86_64) SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1-TERADATA (x86_64) SLE-SMT 11 (i386, s390x, x86_64) SLES4VMWARE 11-SP1 (i386, x86_64)
The SWAMPID for this issue is 47373. This issue was rated as moderate. Please submit fixed packages until 2012-05-31. Also create a patchinfo file using this link: https://swamp.suse.de/webswamp/wf/47373
Update released for: mailman, mailman-debuginfo, mailman-debugsource Products: SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1-FOR-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1-TERADATA (x86_64) SLES4VMWARE 11-SP1 (i386, x86_64)
Update released for: mailman, mailman-debuginfo Products: SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
I've just fixed freeradius-server in Factory. There are probably a bunch of other not-yet-fixed packages in Factory, which are on their way to 12.2. Maybe we should remind the maintainers, or create a tracker bug for these.
This is an autogenerated message for OBS integration: This bug (677335) was mentioned in https://build.opensuse.org/request/show/123359 Factory / freeradius-server
Update released for: quagga, quagga-debuginfo, quagga-devel Products: SLE-DEBUGINFO 10-SP4 (i386, ia64, ppc, s390x, x86_64) SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Update released for: quagga, quagga-debuginfo, quagga-debugsource, quagga-devel Products: SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SDK 11-SP1-FOR-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1-FOR-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1-TERADATA (x86_64) SLES4VMWARE 11-SP1 (i386, x86_64)
Update released for: quagga, quagga-debuginfo, quagga-devel Products: SLE-SERVER 10-SP3-TERADATA (x86_64)
Update released for: quagga Products: SUSE-CORE 9-SP3-TERADATA (x86_64)
This is an autogenerated message for OBS integration: This bug (677335) was mentioned in https://build.opensuse.org/request/show/124362 Factory / freeradius-server
Update released for: freeradius-server, freeradius-server-debuginfo, freeradius-server-debugsource, freeradius-server-devel, freeradius-server-dialupadmin, freeradius-server-doc, freeradius-server-libs, freeradius-server-utils Products: SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SDK 11-SP1-FOR-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1-FOR-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1-TERADATA (x86_64) SLES4VMWARE 11-SP1 (i386, x86_64)
This is an autogenerated message for OBS integration: This bug (677335) was mentioned in https://build.opensuse.org/request/show/134139 Factory / atftp
openSUSE-SU-2012:1200-1: An update that solves one vulnerability and has one errata is now available.
Category: security (important)
Bug References: 677335,777834
CVE References: CVE-2012-3547
Sources used:
openSUSE 12.2 (src): freeradius-server-2.1.12-4.4.1
openSUSE 12.1 (src): freeradius-server-2.1.12-4.1
openSUSE 11.4 (src): freeradius-server-2.1.10-8.1
This is an autogenerated message for OBS integration: This bug (677335) was mentioned in https://build.opensuse.org/request/show/135114 Evergreen:11.2 / freeradius-server
(In reply to comment #44)
> There are probably a bunch of others not-yet-fixed packages in Factory, which
> are on their way to 12.2.
> Maybe we should remind the maintainers, or create a tracker bug for these.

I just had a customer come across this for tomcat5 in SLES10SP4:

error: "/var/log/tomcat5/base" has insecure permissions. It must be owned and be writable by root only to avoid security problems. Set the "su" directive in the config file to tell logrotate which user/group should be used for rotation.
error: "/var/log/tomcat5/base" has insecure permissions. It must be owned and be writable by root only to avoid security problems. Set the "su" directive in the config file to tell logrotate which user/group should be used for rotation.

Are there separate bugs for each package yet or are they being handled in another manner?

With regards to Comment #57, it's actually an OES2SP3 server and the installed packages are:
tomcat5-5.5.27-0.18.4
kernel: 2.6.16.60-0.97.1-smp
This is an autogenerated message for OBS integration: This bug (677335) was mentioned in https://build.opensuse.org/request/show/135617 Evergreen:11.2 / freeradius-server
The SWAMPID for this issue is 49453. This issue was rated as low. Please submit fixed packages until 2012-10-25. Also create a patchinfo file using this link: https://swamp.suse.de/webswamp/wf/49453
*** Bug 778668 has been marked as a duplicate of this bug. ***
Update released for: tomcat5, tomcat5-admin-webapps, tomcat5-webapps Products: SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Update released for: squid, squid-debuginfo, squid-debugsource Products: SLE-SERVER 11-SP1-TERADATA (x86_64)
Update released for: squid, squid-debuginfo, squid-debugsource Products: SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP2 (i386, x86_64)
Update released for: squid, squid-debuginfo Products: SLE-SERVER 10-SP3-TERADATA (x86_64)
Update released for: squid, squid-debuginfo Products: SLE-DESKTOP 10-SP4 (i386, x86_64) SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Update released for: squid3, squid3-debuginfo, squid3-debugsource Products: SLE-SERVER 11-SP1-TERADATA (x86_64)
Update released for: squid3, squid3-debuginfo, squid3-debugsource Products: SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP2 (i386, x86_64)
This is an autogenerated message for OBS integration: This bug (677335) was mentioned in
https://build.opensuse.org/request/show/196901 12.2 / squid
https://build.opensuse.org/request/show/196904 12.3 / squid
https://build.opensuse.org/request/show/196905 12.2 / squid3
https://build.opensuse.org/request/show/196906 Evergreen:11.4 / squid
https://build.opensuse.org/request/show/196907 Evergreen:11.4 / squid3.openSUSE_Evergreen_11.4
https://build.opensuse.org/request/show/196908 Evergreen:11.2:Test / squid
https://build.opensuse.org/request/show/196909 Evergreen:11.2:Test / squid3

This is an autogenerated message for OBS integration: This bug (677335) was mentioned in
https://build.opensuse.org/request/show/196912 12.2 / squid
https://build.opensuse.org/request/show/196914 12.2 / squid
https://build.opensuse.org/request/show/196915 12.3 / squid
https://build.opensuse.org/request/show/196917 12.2 / squid3
https://build.opensuse.org/request/show/196920 Evergreen:11.4 / squid
https://build.opensuse.org/request/show/196921 Evergreen:11.4 / squid3.openSUSE_Evergreen_11.4
This is an autogenerated message for OBS integration: This bug (677335) was mentioned in https://build.opensuse.org/request/show/196913 Maintenance / https://build.opensuse.org/request/show/196916 Maintenance /
openSUSE-SU-2013:1435-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 677335,829084,830319
CVE References: CVE-2013-4115,CVE-2013-4123
Sources used:
openSUSE 12.3 (src): squid-3.2.11-3.8.1

openSUSE-SU-2013:1436-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 677335,794954,796999,829084
CVE References: CVE-2012-5643,CVE-2013-0188,CVE-2013-0189,CVE-2013-4115
Sources used:
openSUSE 12.2 (src): squid-2.7.STABLE9-9.4.1

openSUSE-SU-2013:1441-1: An update that solves one vulnerability and has one errata is now available.
Category: security (moderate)
Bug References: 677335,829084
CVE References: CVE-2013-4115
Sources used:
openSUSE 12.2 (src): squid3-3.1.23-2.8.1

openSUSE-SU-2013:1443-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 677335,796999,829084
CVE References: CVE-2012-5643,CVE-2013-0188,CVE-2013-0189,CVE-2013-4115
Sources used:
openSUSE 11.4 (src): squid-2.7.STABLE6-10.17.1

openSUSE-SU-2013:1444-1: An update that solves one vulnerability and has one errata is now available.
Category: security (moderate)
Bug References: 677335,829084
CVE References: CVE-2013-4115
Sources used:
openSUSE 11.4 (src): squid3-3.1.23-19.1
Update released for: squid, squid-debuginfo, squid-debugsource Products: SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP3 (i386, x86_64)
all pending bugs are fixed.
Update released for: squid3, squid3-debuginfo, squid3-debugsource Products: SLE-DEBUGINFO 11-SP1-TERADATA (x86_64) SLE-SERVER 11-SP1-TERADATA (x86_64)
Update released for: squid3, squid3-debuginfo, squid3-debugsource Products: SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP3 (i386, x86_64)
SUSE-SU-2014:0569-1: An update that solves one vulnerability and has one errata is now available.
Category: security (moderate)
Bug References: 677335,867533
CVE References: CVE-2014-0128
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src): squid3-3.1.12-8.16.18.1
SUSE Linux Enterprise Server 11 SP3 (src): squid3-3.1.12-8.16.18.1