Bug 626927 (CVE-2010-2951)
Summary: | CVE-2010-2951 squid: child assertion failure when processing large DNS replies with no IPv6 resolver present | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | henrik, jonathansteffan, jskala, vdanen |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Last Closed: | 2010-08-25 13:03:30 UTC | Type: | --- |
Bug Depends On: | 626933 | ||
Bug Blocks: |
Description
Jan Lieskovsky
2010-08-24 17:25:28 UTC
This issue did NOT affect the versions of the squid package, as shipped with Red Hat Enterprise Linux 3, 4, or 5.

--

This issue affects the versions of the squid package, as shipped with Fedora release of 12 and 13.

Please fix.

Created squid tracking bugs for this issue

Affects: fedora-all [bug 626933]

This affects the 3.1.6 version in Fedora updates-testing only. Issue got introduced in Squid-3.1.5.1. Latest stable release pushed for Fedora is 3.1.4, which does not have this issue.

It's a stability issue where Squid, due to a coding error, automatically restarts if not able to talk to a resolver over IPv6 and needing to retry the DNS query over TCP. It's not really something I would grade as a security issue. And no, it's not a buffer overflow. Just a plain assertion failed crash/abort due to trying to use an unset socket file descriptor (-1) for talking to the resolver.

Henrik, thank you for clarifications!

*** Bug 649543 has been marked as a duplicate of this bug. ***
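The failure mode described in this report, as an added example that is not Squid's code and does not reflect how Squid's resolver is structured: a simplified model in which a truncated DNS reply triggers a TCP retry and the IPv6 descriptor is -1. The struct, function names and sample headers are hypothetical and constructed for illustration; the fragile form asserts on the descriptor, the hardened form falls back or fails only the one lookup.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical resolver state: one descriptor per address family.
 * -1 means the socket was never opened (e.g. no usable IPv6). */
struct resolver_socks { int fd_v4; int fd_v6; };

enum retry_status { NO_RETRY_NEEDED, RETRY_OK, RETRY_NO_SOCKET };

/* A DNS reply that did not fit sets the TC bit (0x02 in header byte 2),
 * which tells the client to repeat the query over TCP. */
bool dns_reply_truncated(const unsigned char *msg, size_t len)
{
    return len >= 12 && (msg[2] & 0x02) != 0;
}

/* Fragile form: assumes the preferred-family socket always exists. */
int pick_fd_asserting(const struct resolver_socks *s, bool prefer_v6)
{
    int fd = prefer_v6 ? s->fd_v6 : s->fd_v4;
    assert(fd >= 0);            /* aborts the process when fd == -1 */
    return fd;
}

/* Hardened form: a missing socket is a runtime condition, not a bug. */
enum retry_status plan_tcp_retry(const struct resolver_socks *s, bool prefer_v6,
                                 const unsigned char *msg, size_t len, int *out_fd)
{
    int first  = prefer_v6 ? s->fd_v6 : s->fd_v4;
    int second = prefer_v6 ? s->fd_v4 : s->fd_v6;

    *out_fd = -1;
    if (!dns_reply_truncated(msg, len))
        return NO_RETRY_NEEDED;
    if (first >= 0)  { *out_fd = first;  return RETRY_OK; }
    if (second >= 0) { *out_fd = second; return RETRY_OK; }
    return RETRY_NO_SOCKET;     /* caller fails this one lookup only */
}

/* Constructed sample headers (12 bytes): QR=1, with and without TC. */
static const unsigned char SAMPLE_TRUNCATED[12] = { 0x12, 0x34, 0x83, 0x80, 0, 1 };
static const unsigned char SAMPLE_COMPLETE[12]  = { 0x12, 0x34, 0x81, 0x80, 0, 1 };
```

Because an oversized reply can be induced by whoever answers the query, a reachable `assert` on this path turns a configuration gap (no IPv6) into a repeatable worker restart, which is why the checked form returns an error instead.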