ID de Prueba:	1.3.6.1.4.1.25623.1.0.70787
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 201110-24 (Squid)
Resumen:	The remote host is missing updates announced in;advisory GLSA 201110-24.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 201110-24. Vulnerability Insight: Multiple vulnerabilities were found in Squid allowing attackers to execute arbitrary code or cause a Denial of Service. Solution: All squid users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-proxy/squid-3.1.15' NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 4, 2011. It is likely that your system is already no longer affected by this issue. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2621 BugTraq ID: 35812 http://www.securityfocus.com/bid/35812 http://www.mandriva.com/security/advisories?name=MDVSA-2009:161 http://www.mandriva.com/security/advisories?name=MDVSA-2009:178 http://www.securitytracker.com/id?1022607 http://secunia.com/advisories/36007 http://www.vupen.com/english/advisories/2009/2013 Common Vulnerability Exposure (CVE) ID: CVE-2009-2622 Common Vulnerability Exposure (CVE) ID: CVE-2009-2855 BugTraq ID: 36091 http://www.securityfocus.com/bid/36091 http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=diff;att=1;bug=534982 http://www.squid-cache.org/bugs/show_bug.cgi?id=2704 http://www.openwall.com/lists/oss-security/2009/07/20/10 http://www.openwall.com/lists/oss-security/2009/08/03/3 http://www.openwall.com/lists/oss-security/2009/08/04/6 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592 http://www.securitytracker.com/id?1022757 XForce ISS Database: squid-strlistgetitem-dos(52610) https://exchange.xforce.ibmcloud.com/vulnerabilities/52610 Common Vulnerability Exposure (CVE) ID: CVE-2010-0308 1023520 http://www.securitytracker.com/id?1023520 37522 http://www.securityfocus.com/bid/37522 38451 http://secunia.com/advisories/38451 38455 http://secunia.com/advisories/38455 62044 http://osvdb.org/62044 ADV-2010-0260 http://www.vupen.com/english/advisories/2010/0260 http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf http://www.squid-cache.org/Advisories/SQUID-2010_1.txt http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-9853.patch oval:org.mitre.oval:def:11270 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11270 squid-dns-dos(56001) https://exchange.xforce.ibmcloud.com/vulnerabilities/56001 Common Vulnerability Exposure (CVE) ID: CVE-2010-0639 BugTraq ID: 38212 http://www.securityfocus.com/bid/38212 http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html http://bugs.squid-cache.org/show_bug.cgi?id=2858 http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch http://osvdb.org/62297 http://www.securitytracker.com/id?1023587 http://secunia.com/advisories/38812 http://www.vupen.com/english/advisories/2010/0371 http://www.vupen.com/english/advisories/2010/0603 Common Vulnerability Exposure (CVE) ID: CVE-2010-2951 [oss-security] 20100824 CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present http://www.openwall.com/lists/oss-security/2010/08/24/6 [oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present http://www.openwall.com/lists/oss-security/2010/08/24/7 http://www.openwall.com/lists/oss-security/2010/08/25/2 http://www.openwall.com/lists/oss-security/2010/08/25/6 [squid-users] 20100824 Squid 3.1.7 is available http://marc.info/?l=squid-users&m=128263555724981&w=2 http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072 http://bugs.gentoo.org/show_bug.cgi?id=334263 http://bugs.squid-cache.org/show_bug.cgi?id=3009 http://bugs.squid-cache.org/show_bug.cgi?id=3021 http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch https://bugzilla.redhat.com/show_bug.cgi?id=626927 Common Vulnerability Exposure (CVE) ID: CVE-2010-3072 41298 http://secunia.com/advisories/41298 41477 http://secunia.com/advisories/41477 41534 http://secunia.com/advisories/41534 42982 http://www.securityfocus.com/bid/42982 ADV-2010-2433 http://www.vupen.com/english/advisories/2010/2433 DSA-2111 http://www.debian.org/security/2010/dsa-2111 FEDORA-2010-14222 http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html FEDORA-2010-14236 http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html SUSE-SR:2010:019 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html [oss-security] 20100905 CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3) http://www.openwall.com/lists/oss-security/2010/09/05/2 [oss-security] 20100907 Re: CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3) http://www.openwall.com/lists/oss-security/2010/09/07/7 http://www.squid-cache.org/Advisories/SQUID-2010_3.txt http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch https://bugzilla.redhat.com/show_bug.cgi?id=630444 Common Vulnerability Exposure (CVE) ID: CVE-2011-3205 1025981 http://securitytracker.com/id?1025981 45805 http://secunia.com/advisories/45805 45906 http://secunia.com/advisories/45906 45920 http://secunia.com/advisories/45920 45965 http://secunia.com/advisories/45965 46029 http://secunia.com/advisories/46029 49356 http://www.securityfocus.com/bid/49356 74847 http://www.osvdb.org/74847 DSA-2304 http://www.debian.org/security/2011/dsa-2304 FEDORA-2011-11854 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html MDVSA-2011:150 http://www.mandriva.com/security/advisories?name=MDVSA-2011:150 RHSA-2011:1293 http://www.redhat.com/support/errata/RHSA-2011-1293.html SUSE-SU-2011:1019 http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html SUSE-SU-2016:1996 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html SUSE-SU-2016:2089 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html [oss-security] 20110829 CVE-request(?): squid: buffer overflow in Gopher reply parser http://openwall.com/lists/oss-security/2011/08/29/2 [oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser http://openwall.com/lists/oss-security/2011/08/30/4 http://openwall.com/lists/oss-security/2011/08/30/8 http://www.squid-cache.org/Advisories/SQUID-2011_3.txt http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch https://bugzilla.redhat.com/show_bug.cgi?id=734583 openSUSE-SU-2011:1018 http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html
Copyright	Copyright (C) 2012 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.