Bugzilla – Bug 830319
VUL-0: CVE-2013-4123: squid: SQUID-2013:3 Denial of service in request processing
Last modified: 2016-04-27 19:28:38 UTC
public via squid CVE-2013-4123 Squid web proxy version 3.2 up to and including 3.2.12 and 3.3 up to including 3.3.7 are vulnerable to a denialof service attack from any client able to generate crafted HTTP requests. References: http://www.squid-cache.org/Advisories/SQUID-2013_3.txt http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11826.patch http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12591.patch PS. for preview replace "www" with "master" in the official links above. There is no embargo. Amos Jeffries Squid Project
bugbot adjusting priority
The SWAMPID for this issue is 53765. This issue was rated as moderate. Please submit fixed packages until 2013-08-08. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
sle* squid,squid3 packages are unaffected.
This is an autogenerated message for OBS integration: This bug (830319) was mentioned in https://build.opensuse.org/request/show/196904 12.3 / squid
This is an autogenerated message for OBS integration: This bug (830319) was mentioned in https://build.opensuse.org/request/show/196915 12.3 / squid
This is an autogenerated message for OBS integration: This bug (830319) was mentioned in https://build.opensuse.org/request/show/196913 Maintenance /
Affected is only the package named "squid" in openSUSE-12.3, which is of version 3.2.11. Fix also comes with fix for concurrent/independent bug bnc#829084. Package submitted, revoked and re-submitted. Twice. The one revoked. Short: There's only one... Reassigning to security-team@suse.de for shipping+handling.
openSUSE-SU-2013:1435-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 677335,829084,830319 CVE References: CVE-2013-4115,CVE-2013-4123 Sources used: openSUSE 12.3 (src): squid-3.2.11-3.8.1
done