Bug 530862 (CVE-2009-3700, CVE-2009-3826)
| Field | Value |
|---|---|
| Summary | squidGuard: buffer overflow in sgLog.c (CVE-2009-3700) and two URL filter bypass issues (CVE-2009-3826) |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | http://secunia.com/advisories/37107/ |
| Reporter | Jan Lieskovsky <jlieskov> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | gwync |
| Keywords | Security |
| Doc Type | Bug Fix |
| Last Closed | 2009-11-04 14:00:02 UTC |

Description
Jan Lieskovsky
2009-10-25 18:17:09 UTC
These issues affect the versions of the squidGuard package as shipped with Fedora releases 10 and 11. Please fix.

squidGuard-1.4-8.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/squidGuard-1.4-8.fc10

squidGuard-1.4-8.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/squidGuard-1.4-8.fc11

CVE-2009-3700: Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to "emergency mode."

CVE-2009-3826: Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL.

squidGuard-1.4-8.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.

squidGuard-1.4-8.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.