> From: fw@deneb.enyo.de > To: debian-security-announce@lists.debian.org > Date: Fri, 6 Jan 2012 15:28:52 +0100 > Subject: [SECURITY] [DSA 2381-1] squid3 security update > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-2381-1 security@debian.org > http://www.debian.org/security/ Florian Weimer > January 06, 2012 http://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : squid3 > Vulnerability : invalid memory deallocation > Problem type : remote > Debian-specific: no > CVE ID : CVE-2011-4096 > > It was discovered that the IPv6 support code in Squid does not > properly handle certain DNS responses, resulting in deallocation of an > invalid pointer and a daemon crash. > > The squid package and the version of squid3 shipped in lenny lack IPv6 > support and are not affected by this issue. > > For the stable distribution (squeeze), this problem has been fixed in > version 3.1.6-1.2+squeeze2. > > For the testing distribution (wheezy) and the unstable distribution > (sid), this problem has been fixed in version 3.1.18-1. > > We recommend that you upgrade your squid3 packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: http://www.debian.org/security/ > > Mailing list: debian-security-announce@lists.debian.org > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > > iQEcBAEBAgAGBQJPBwcOAAoJEL97/wQC1SS+m9IH/jRWc9kKuku8KXGpihVK5TCB > boq81hmIlO74Oa9ZSlF3lEAVU4ZqlFtkCnrWxW3ieRP5zK22P/OvMSdM+RxsWu/M > gFi4gueXBKD2a1wks26c5kVcOaeg2cgz4uBQowdSAkwg+vXR9x2ZGr0Ed4CeMziO > OqcYiMkfX8/niCV1xCQuF+9QlLD24EFOQpp49elH34aBZmjnhZGNMf1ok2aISydV > 8/LO4PRYhVjSM1cCqtiVc/6kyCgpCVezluhAsfFhn4+GcslI5/deaf3xlgybH0Mz > 4WFT6y0U/iHn8SvbzXQAL4c8Q0UiIMSRKBsxiGv+jIDLkaOBL0cd1Sp63/AWptM= > =7lar > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org > Archive: http://lists.debian.org/878vlkvra3.fsf@mid.deneb.enyo.de > |