973782 – (CVE-2016-3947) VUL-0: CVE-2016-3947: squid,squid3: Denial of service or information leak attack when processing ICMPv6 packets.

Bug 973782 (CVE-2016-3947) - VUL-0: CVE-2016-3947: squid,squid3: Denial of service or information leak attack when processing ICMPv6 packets.

Summary: VUL-0: CVE-2016-3947: squid,squid3: Denial of service or information leak att...

Status:	RESOLVED FIXED

Alias:	CVE-2016-3947

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/165623/
Whiteboard:	CVSSv2:SUSE:CVE-2016-3947:5.8:(AV:N/A...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-04-04 07:50 UTC by Johannes Segitz
Modified:	2020-06-11 20:30 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2016-04-04 07:50:21 UTC

CVE-2016-3947

Problem Description:

 Due to a buffer overrun Squid pinger binary is vulnerable to
 denial of service or information leak attack when processing
 ICMPv6 packets.

 This bug also permits the server response to manipulate other
 ICMP and ICMPv6 queries processing to cause information leak.

Further details are available in
http://www.squid-cache.org/Advisories/SQUID-2016_3.txt

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3947
http://seclists.org/oss-sec/2016/q2/3

Comment 2 Swamp Workflow Management 2016-04-04 22:00:33 UTC

bugbot adjusting priority

Comment 9 Swamp Workflow Management 2016-08-09 15:13:59 UTC

SUSE-SU-2016:1996-1: An update that fixes 25 vulnerabilities is now available.

Category: security (important)
Bug References: 895773,902197,938715,963539,967011,968392,968393,968394,968395,973782,973783,976553,976556,976708,979008,979009,979010,979011
CVE References: CVE-2011-3205,CVE-2011-4096,CVE-2012-5643,CVE-2013-0188,CVE-2013-4115,CVE-2014-0128,CVE-2014-6270,CVE-2014-7141,CVE-2014-7142,CVE-2015-5400,CVE-2016-2390,CVE-2016-2569,CVE-2016-2570,CVE-2016-2571,CVE-2016-2572,CVE-2016-3947,CVE-2016-3948,CVE-2016-4051,CVE-2016-4052,CVE-2016-4053,CVE-2016-4054,CVE-2016-4553,CVE-2016-4554,CVE-2016-4555,CVE-2016-4556
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    squid3-3.1.23-8.16.27.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    squid3-3.1.23-8.16.27.1

Comment 10 Swamp Workflow Management 2016-08-09 15:29:56 UTC

SUSE-SU-2016:2008-1: An update that solves 16 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 902197,929493,938715,955783,959290,963539,968392,968393,968394,968395,973782,973783,976553,976556,979008,979009,979010,979011
CVE References: CVE-2015-3455,CVE-2015-5400,CVE-2016-2569,CVE-2016-2570,CVE-2016-2571,CVE-2016-2572,CVE-2016-3947,CVE-2016-3948,CVE-2016-4051,CVE-2016-4052,CVE-2016-4053,CVE-2016-4054,CVE-2016-4553,CVE-2016-4554,CVE-2016-4555,CVE-2016-4556
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    squid-3.3.14-20.2

Comment 11 Swamp Workflow Management 2016-08-16 13:10:42 UTC

openSUSE-SU-2016:2081-1: An update that solves 16 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 902197,929493,938715,955783,959290,963539,968392,968393,968394,968395,973782,973783,976553,976556,979008,979009,979010,979011
CVE References: CVE-2015-3455,CVE-2015-5400,CVE-2016-2569,CVE-2016-2570,CVE-2016-2571,CVE-2016-2572,CVE-2016-3947,CVE-2016-3948,CVE-2016-4051,CVE-2016-4052,CVE-2016-4053,CVE-2016-4054,CVE-2016-4553,CVE-2016-4554,CVE-2016-4555,CVE-2016-4556
Sources used:
openSUSE Leap 42.1 (src):    squid-3.3.14-6.1

Comment 12 Swamp Workflow Management 2016-08-16 16:10:24 UTC

SUSE-SU-2016:2089-1: An update that fixes 25 vulnerabilities is now available.

Category: security (important)
Bug References: 895773,902197,938715,963539,967011,968392,968393,968394,968395,973782,973783,976553,976556,976708,979008,979009,979010,979011,993299
CVE References: CVE-2011-3205,CVE-2011-4096,CVE-2012-5643,CVE-2013-0188,CVE-2013-4115,CVE-2014-0128,CVE-2014-6270,CVE-2014-7141,CVE-2014-7142,CVE-2015-5400,CVE-2016-2390,CVE-2016-2569,CVE-2016-2570,CVE-2016-2571,CVE-2016-2572,CVE-2016-3947,CVE-2016-3948,CVE-2016-4051,CVE-2016-4052,CVE-2016-4053,CVE-2016-4054,CVE-2016-4553,CVE-2016-4554,CVE-2016-4555,CVE-2016-4556
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    squid3-3.1.23-8.16.30.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    squid3-3.1.23-8.16.30.1

Comment 13 Marcus Meissner 2016-12-19 10:39:57 UTC

released

Comment 14 Swamp Workflow Management 2019-05-08 11:31:25 UTC

This is an autogenerated message for OBS integration:
This bug (973782) was mentioned in
https://build.opensuse.org/request/show/701549 Factory / squid