** Also affects: squid3 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: squid3 (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: squid3 (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Also affects: squid3 (Ubuntu Natty)
Importance: Undecided
Status: New
** Changed in: squid3 (Ubuntu)
Status: New => Fix Released
** Description changed:
Description
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher
reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2
before 3.2.0.11 allows remote Gopher servers to cause a denial of service
(memory corruption and daemon restart) or possibly have unspecified other
impact via a long line in a response. NOTE: This issue exists because of a
CVE-2005-0094 regression.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3205
https://bugzilla.redhat.com/show_bug.cgi?id=734583
Patch: http://www.squid-
cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch
+
+ Fixed in Version: Squid 3.0.STABLE26, 3.1.15, 3.2.0.11
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to squid3 in Ubuntu.
https://bugs.launchpad.net/bugs/907690
Title:
CVE-2011-3205: DoS (memory corruption and daemon restart) or remote
Gopher servers.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907690/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
