Bug 18122

Summary: squid new security issues CVE-2016-3947 and CVE-2016-3948
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/682384/
Whiteboard: has_procedure advisory MGA5-32-OK
Source RPM: squid-3.5.15-1.1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2016-04-04 22:49:15 CEST 
Upstream has issued advisories on April 2:
http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
http://www.squid-cache.org/Advisories/SQUID-2016_4.txt

Updated packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated squid packages fix security vulnerabilities:

Due to a buffer overrun, the Squid pinger binary in Squid before 3.5.16 is
vulnerable to a denial of service or information leak attack when processing
ICMPv6 packets. This bug also permits the server response to manipulate other
ICMP and ICMPv6 queries processing to cause information leaks (CVE-2016-3947).

Due to incorrect bounds checking, Squid before 3.5.16 is vulnerable to a
denial of service attack when processing HTTP responses (CVE-2016-3948).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948
http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
http://www.squid-cache.org/Advisories/SQUID-2016_4.txt
========================

Updated packages in core/updates_testing:
========================
squid-3.5.16-1.mga5
squid-cachemgr-3.5.16-1.mga5

from squid-3.5.16-1.mga5.src.rpm
Comment 1 David Walser 2016-04-04 22:49:29 CEST 
Testing hints:
https://bugs.mageia.org/show_bug.cgi?id=14004#c3
https://bugs.mageia.org/show_bug.cgi?id=16304#c14

Whiteboard: (none) => has_procedure

David Walser 2016-04-04 23:04:26 CEST

URL: (none) => http://lwn.net/Vulnerabilities/682384/

Comment 2 David Walser 2016-04-04 23:47:20 CEST 
Working fine on our production proxy at work, Mageia 5 i586.

Whiteboard: has_procedure => has_procedure MGA5-32-OK

Comment 3 claire robinson 2016-04-06 10:13:35 CEST 
validating

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 claire robinson 2016-04-06 10:20:19 CEST 
advisory uploaded

Whiteboard: has_procedure MGA5-32-OK => has_procedure advisory MGA5-32-OK

Comment 5 Mageia Robot 2016-04-06 16:10:42 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0133.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 6 David Walser 2016-04-06 19:10:07 CEST 
LWN reference for CVE-2016-3948:
http://lwn.net/Vulnerabilities/682760/