Bug 976556 (CVE-2016-4054) - VUL-0: CVE-2016-4052, CVE-2016-4053, CVE-2016-4054: squid,squid3: Multiple on-stack buffer overflow from incorrect bounds calculation in Squid ESI processing
Summary: VUL-0: CVE-2016-4052, CVE-2016-4053, CVE-2016-4054: squid,squid3: Multiple on...
Status: RESOLVED FIXED
Alias: CVE-2016-4054
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/168098/
Whiteboard: CVSSv2:RedHat:CVE-2016-4054:5.1:(AV:N...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-04-21 08:39 UTC by Johannes Segitz
Modified: 2019-07-16 16:36 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2016-04-21 08:39:00 UTC 
CVE-2016-4052: Multiple on-stack buffer overflow from incorrect bounds calculation in
Squid ESI processing has been reported by CESG (CESG REF: 56284998 /
VULNERABILITY ID: 393536) which allows remote code execution or denial
of service if depending on the OS overflow protections which are active.

CVE-2016-4053: Further investigation has found that when compiler optimization is
applied incorrect use of assert() leads to information disclosure of
stack contents to remote clients 

CVE-2016-4054: a second buffer overflow leads to
further remote code execution possibilities.

Squid-2.x are not vulnerable.
Squid-3.x up to and including 3.5.16,
Squid-4.x up to and including 4.0.8,
 when built with --enable-esi and used for either CDN reverse-proxy or
TLS MITM are vulnerable.

Upstream report will be at:
 <http://www.squid-cache.org/Advisories/SQUID-2016_6.txt>

Patches at:
 <http://www.squid-cache.org/Versions/v4/changesets/squid-4-14648.patch>
 <http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch>
 <http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch>
 <http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12697.patch>
 <http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11841.patch>

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4054
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4052
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4053
http://seclists.org/oss-sec/2016/q2/120
Comment 1 Swamp Workflow Management 2016-04-21 22:00:40 UTC 
bugbot adjusting priority
Comment 8 Swamp Workflow Management 2016-08-09 15:14:24 UTC 
SUSE-SU-2016:1996-1: An update that fixes 25 vulnerabilities is now available.

Category: security (important)
Bug References: 895773,902197,938715,963539,967011,968392,968393,968394,968395,973782,973783,976553,976556,976708,979008,979009,979010,979011
CVE References: CVE-2011-3205,CVE-2011-4096,CVE-2012-5643,CVE-2013-0188,CVE-2013-4115,CVE-2014-0128,CVE-2014-6270,CVE-2014-7141,CVE-2014-7142,CVE-2015-5400,CVE-2016-2390,CVE-2016-2569,CVE-2016-2570,CVE-2016-2571,CVE-2016-2572,CVE-2016-3947,CVE-2016-3948,CVE-2016-4051,CVE-2016-4052,CVE-2016-4053,CVE-2016-4054,CVE-2016-4553,CVE-2016-4554,CVE-2016-4555,CVE-2016-4556
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    squid3-3.1.23-8.16.27.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    squid3-3.1.23-8.16.27.1
Comment 9 Swamp Workflow Management 2016-08-09 15:30:24 UTC 
SUSE-SU-2016:2008-1: An update that solves 16 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 902197,929493,938715,955783,959290,963539,968392,968393,968394,968395,973782,973783,976553,976556,979008,979009,979010,979011
CVE References: CVE-2015-3455,CVE-2015-5400,CVE-2016-2569,CVE-2016-2570,CVE-2016-2571,CVE-2016-2572,CVE-2016-3947,CVE-2016-3948,CVE-2016-4051,CVE-2016-4052,CVE-2016-4053,CVE-2016-4054,CVE-2016-4553,CVE-2016-4554,CVE-2016-4555,CVE-2016-4556
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    squid-3.3.14-20.2
Comment 10 Swamp Workflow Management 2016-08-16 13:11:08 UTC 
openSUSE-SU-2016:2081-1: An update that solves 16 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 902197,929493,938715,955783,959290,963539,968392,968393,968394,968395,973782,973783,976553,976556,979008,979009,979010,979011
CVE References: CVE-2015-3455,CVE-2015-5400,CVE-2016-2569,CVE-2016-2570,CVE-2016-2571,CVE-2016-2572,CVE-2016-3947,CVE-2016-3948,CVE-2016-4051,CVE-2016-4052,CVE-2016-4053,CVE-2016-4054,CVE-2016-4553,CVE-2016-4554,CVE-2016-4555,CVE-2016-4556
Sources used:
openSUSE Leap 42.1 (src):    squid-3.3.14-6.1
Comment 11 Swamp Workflow Management 2016-08-16 16:10:55 UTC 
SUSE-SU-2016:2089-1: An update that fixes 25 vulnerabilities is now available.

Category: security (important)
Bug References: 895773,902197,938715,963539,967011,968392,968393,968394,968395,973782,973783,976553,976556,976708,979008,979009,979010,979011,993299
CVE References: CVE-2011-3205,CVE-2011-4096,CVE-2012-5643,CVE-2013-0188,CVE-2013-4115,CVE-2014-0128,CVE-2014-6270,CVE-2014-7141,CVE-2014-7142,CVE-2015-5400,CVE-2016-2390,CVE-2016-2569,CVE-2016-2570,CVE-2016-2571,CVE-2016-2572,CVE-2016-3947,CVE-2016-3948,CVE-2016-4051,CVE-2016-4052,CVE-2016-4053,CVE-2016-4054,CVE-2016-4553,CVE-2016-4554,CVE-2016-4555,CVE-2016-4556
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    squid3-3.1.23-8.16.30.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    squid3-3.1.23-8.16.30.1
Comment 12 Marcus Meissner 2016-12-19 10:41:30 UTC 
released
Comment 13 Swamp Workflow Management 2019-05-08 11:31:40 UTC 
This is an autogenerated message for OBS integration:
This bug (976556) was mentioned in
https://build.opensuse.org/request/show/701549 Factory / squid