[Bug 907690] Re: CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers.
This bug was fixed in the package squid3 - 3.0.STABLE19-1ubuntu0.2

---
squid3 (3.0.STABLE19-1ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: Fix DoS (assertion failure) via a crafted DNS packet
    that only contains header. (LP: #907686)
    - debian/patches/CVE-2010-0308.dpatch: patch derived from upstream.
    - CVE-2010-0308
  * SECURITY UPDATE: Fix DoS (NULL pointer dereference and daemon crash)
    via crafted packets to the HTCP port. (LP: #907690)
    - debian/patches/CVE-2010-0639.dpatch: patch derived from upstream.
    - CVE-2010-0639
  * SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or
    possibly have unspecified other impact via a long line in a response
    by remote Gopher servers. (LP: #907687)
    - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream.
    - CVE-2011-3205
 -- Mahyuddin Susanto udi...@ubuntu.com  Wed, 18 Jan 2012 12:46:59 +0700

** Changed in: squid3 (Ubuntu Lucid)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-0308

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-0639

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid3 in Ubuntu.
https://bugs.launchpad.net/bugs/907690

Title:
  CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907690/+subscriptions

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 907690] Re: CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers.
debdiff looks good. ACK. I'm building the package now and will release it today. Thanks!

** Changed in: squid3 (Ubuntu Lucid)
       Status: New => Fix Committed
[Bug 907690] Re: CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers.
Maverick-Oneiric have been released now, and will appear in mirrors in the next few hours.

** Changed in: squid3 (Ubuntu Maverick)
       Status: Fix Committed => Fix Released

** Changed in: squid3 (Ubuntu Natty)
       Status: Fix Committed => Fix Released

** Changed in: squid3 (Ubuntu Oneiric)
       Status: Fix Committed => Fix Released

** Changed in: squid3 (Ubuntu Lucid)
       Status: New => Incomplete
[Bug 907690] Re: CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers.
** Patch removed: squid3-lucid.debdiff https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907690/+attachment/2643908/+files/squid3-lucid.debdiff
[Bug 907690] Re: CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers.
attached new debdiff for lucid-security

** Patch added: squid3_3.0.STABLE19-1ubuntu0.2.dsc.debdiff
   https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907690/+attachment/2680245/+files/squid3_3.0.STABLE19-1ubuntu0.2.dsc.debdiff

** Changed in: squid3 (Ubuntu Lucid)
       Status: Incomplete => New
[Bug 907690] Re: CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers.
Thanks for the debdiffs. Sorry for the delay in reviewing them.

ACK for maverick, natty and oneiric. They are being built now and will be released in a few hours.

NACK for lucid. There seems to be a line missing in the CVE-2011-3205 patch. Could you please check, and attach a fixed debdiff?

Thanks!

** Changed in: squid3 (Ubuntu Maverick)
       Status: New => Fix Committed

** Changed in: squid3 (Ubuntu Oneiric)
       Status: New => Fix Committed

** Changed in: squid3 (Ubuntu Natty)
       Status: New => Fix Committed
[Bug 907690] Re: CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers.
** Changed in: squid3 (Ubuntu)
       Status: Triaged => New
[Bug 907690] Re: CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers.
** Also affects: squid3 (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: squid3 (Ubuntu Maverick)
   Importance: Undecided
       Status: New

** Also affects: squid3 (Ubuntu Oneiric)
   Importance: Undecided
       Status: New

** Also affects: squid3 (Ubuntu Natty)
   Importance: Undecided
       Status: New

** Changed in: squid3 (Ubuntu)
       Status: New => Fix Released

** Description changed:

  Description
  Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.

  References
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3205
  https://bugzilla.redhat.com/show_bug.cgi?id=734583

  Patch: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch
+
+ Fixed in Version: Squid 3.0.STABLE26, 3.1.15, 3.2.0.11
[Bug 907690] Re: CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers.
** This bug has been flagged as a security vulnerability

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3205

** Patch added: squid3-lucid.debdiff
   https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907690/+attachment/2643908/+files/squid3-lucid.debdiff
[Bug 907690] Re: CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers.
** Patch added: squid3-natty.debdiff https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907690/+attachment/2643910/+files/squid3-natty.debdiff
[Bug 907690] Re: CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers.
** Patch added: squid3-maverick.debdiff https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907690/+attachment/2643909/+files/squid3-maverick.debdiff
[Bug 907690] Re: CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers.
** Patch added: squid3-oneiric.debdiff
   https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907690/+attachment/2643911/+files/squid3-oneiric.debdiff

** Changed in: squid3 (Ubuntu)
       Status: In Progress => New

** Changed in: squid3 (Ubuntu)
     Assignee: Mahyuddin Susanto (udienz) => (unassigned)