Bug 222883 - (CVE-2007-0247) CVE-2007-0247 Squid crashes when receiving certain FTP listings
CVE-2007-0247 Squid crashes when receiving certain FTP listings
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: squid (Show other bugs)
6
All Linux
high Severity high
: ---
: ---
Assigned To: Martin Stransky
http://www.squid-cache.org/bugs/show_...
impact=important,source=gentoo,report...
: Security
Depends On:
Blocks: 222884
  Show dependency treegraph
 
Reported: 2007-01-16 13:29 EST by Lubomir Kundrak
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-17 04:21:28 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Upstream patch for Squid FTP triggered DoS #1857 (1.26 KB, patch)
2007-01-16 13:29 EST, Lubomir Kundrak
no flags Details | Diff

  None (edit)
Description Lubomir Kundrak 2007-01-16 13:29:37 EST
Description of problem:

Visiting this [1] URL makes Squid die upon receival of SIGSEGV Signal.
[1] ftp://ftp.debian.org/pub/debian/dists/sid/main/binary-hurd-i386;type=d

Version-Release number of selected component (if applicable):

Seems to be introduced with 2.5.STABLE11, so does affect
Fedora 5 and 6 and RHEL 5.

Additional info:

Fixed in 2.6.STABLE11.
See the upstream bug report [2] for patch.
[2] http://www.squid-cache.org/bugs/show_bug.cgi?id=1857
Comment 1 Lubomir Kundrak 2007-01-16 13:29:37 EST
Created attachment 145712 [details]
Upstream patch for Squid FTP triggered DoS #1857
Comment 2 Martin Stransky 2007-01-17 04:21:28 EST
fixed in squid-2.6.STABLE7-1.fc6
Comment 3 Fedora Update System 2007-01-17 11:32:03 EST
squid-2.5.STABLE14-3.FC5 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 4 Josh Bressers 2007-01-21 16:58:57 EST
Martin,

I've not seen the fc6 update for this.  Are you planning to wait before pushing it?

Note You need to log in before you can comment on or make changes to this bug.