Test Kennung:	1.3.6.1.4.1.25623.1.0.70504
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Security Advisory MDVSA-2011:150 (squid)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to squid announced via advisory MDVSA-2011:150. A vulnerability has been discovered and corrected in squid: Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression (CVE-2011-3205). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2009.0, 2010.1, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:150 Risk factor : High
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0094 BugTraq ID: 12276 http://www.securityfocus.com/bid/12276 Conectiva Linux advisory: CLA-2005:923 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 Debian Security Information: DSA-651 (Google Search) http://www.debian.org/security/2005/dsa-651 http://fedoranews.org/updates/FEDORA--.shtml http://security.gentoo.org/glsa/glsa-200501-25.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146 http://www.redhat.com/support/errata/RHSA-2005-060.html http://www.redhat.com/support/errata/RHSA-2005-061.html http://secunia.com/advisories/13825 SuSE Security Announcement: SUSE-SA:2005:006 (Google Search) http://www.novell.com/linux/security/advisories/2005_06_squid.html http://www.trustix.org/errata/2005/0003/ Common Vulnerability Exposure (CVE) ID: CVE-2011-3205 1025981 http://securitytracker.com/id?1025981 45805 http://secunia.com/advisories/45805 45906 http://secunia.com/advisories/45906 45920 http://secunia.com/advisories/45920 45965 http://secunia.com/advisories/45965 46029 http://secunia.com/advisories/46029 49356 http://www.securityfocus.com/bid/49356 74847 http://www.osvdb.org/74847 DSA-2304 http://www.debian.org/security/2011/dsa-2304 FEDORA-2011-11854 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html MDVSA-2011:150 http://www.mandriva.com/security/advisories?name=MDVSA-2011:150 RHSA-2011:1293 http://www.redhat.com/support/errata/RHSA-2011-1293.html SUSE-SU-2011:1019 http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html SUSE-SU-2016:1996 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html SUSE-SU-2016:2089 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html [oss-security] 20110829 CVE-request(?): squid: buffer overflow in Gopher reply parser http://openwall.com/lists/oss-security/2011/08/29/2 [oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser http://openwall.com/lists/oss-security/2011/08/30/4 http://openwall.com/lists/oss-security/2011/08/30/8 http://www.squid-cache.org/Advisories/SQUID-2011_3.txt http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch https://bugzilla.redhat.com/show_bug.cgi?id=734583 openSUSE-SU-2011:1018 http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html Common Vulnerability Exposure (CVE) ID: CVE-2011-3208 BugTraq ID: 49534 http://www.securityfocus.com/bid/49534 Debian Security Information: DSA-2318 (Google Search) http://www.debian.org/security/2011/dsa-2318 http://www.mandriva.com/security/advisories?name=MDVSA-2011:149 http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=199 http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=200 http://www.osvdb.org/75307 http://www.redhat.com/support/errata/RHSA-2011-1317.html http://securitytracker.com/id?1026031 http://secunia.com/advisories/45938 http://secunia.com/advisories/45975 http://secunia.com/advisories/46064 SuSE Security Announcement: SUSE-SU-2011:1034 (Google Search) https://hermes.opensuse.org/messages/11723935 SuSE Security Announcement: openSUSE-SU-2011:1036 (Google Search) http://lists.opensuse.org/opensuse-updates/2011-09/msg00019.html XForce ISS Database: cyrus-splitwildmats-bo(69679) https://exchange.xforce.ibmcloud.com/vulnerabilities/69679
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.