enterprise-support team mailing list archive

Thread
Date

[Bug 907690] Re: CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers.

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Mahyuddin Susanto <saya@xxxxxxxxxxxxx>
Date: Wed, 04 Jan 2012 11:48:29 -0000
Reply-to: Bug 907690 <907690@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: squid3 (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: squid3 (Ubuntu Maverick)
   Importance: Undecided
       Status: New

** Also affects: squid3 (Ubuntu Oneiric)
   Importance: Undecided
       Status: New

** Also affects: squid3 (Ubuntu Natty)
   Importance: Undecided
       Status: New

** Changed in: squid3 (Ubuntu)
       Status: New => Fix Released

** Description changed:

  Description
  Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher
  reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2
  before 3.2.0.11 allows remote Gopher servers to cause a denial of service
  (memory corruption and daemon restart) or possibly have unspecified other
  impact via a long line in a response. NOTE: This issue exists because of a
  CVE-2005-0094 regression.
  
  References
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3205
  https://bugzilla.redhat.com/show_bug.cgi?id=734583
  
  Patch: http://www.squid-
  cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch
+ 
+ Fixed in Version:       Squid 3.0.STABLE26, 3.1.15, 3.2.0.11

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to squid3 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/907690

Title:
  CVE-2011-3205: DoS (memory corruption and daemon restart) or remote
  Gopher servers.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907690/+subscriptions