Bug#553319: CVE-2009-3826, CVE-2009-3700

 
Giuseppe Iuculano




(Msg. 1) Posted: Fri Oct 30, 2009 7:20 am
Archived from groups: linux>debian>bugs>rc

Package: squidguard
Severity: serious
Tags: security



Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for squidguard.

CVE-2009-3826[0]:
| Multiple buffer overflows in squidGuard 1.4 allow remote attackers to
| bypass intended URL blocking via a long URL, related to (1) the
| relationship between a certain buffer size in squidGuard and a certain
| buffer size in Squid and (2) a redirect URL that contains information
| about the originally requested URL.

CVE-2009-3700[1]:
| Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote
| attackers to cause a denial of service (application hang or loss of
| blocking functionality) via a long URL with many / (slash) characters,
| related to "emergency mode."

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3826
http://security-tracker.debian.org/tracker/CVE-2009-3826
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3700
http://security-tracker.debian.org/tracker/CVE-2009-3700

