Public bug reported: Description: lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0308 http://www.squid-cache.org/Advisories/SQUID-2010_1.txt http://www.ubuntu.com/usn/usn-901-1
Upstream patch: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch ** Affects: squid3 (Ubuntu) Importance: Undecided Assignee: Mahyuddin Susanto (udienz) Status: In Progress ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-0308 ** Changed in: squid3 (Ubuntu) Status: New => In Progress ** Changed in: squid3 (Ubuntu) Assignee: (unassigned) => Mahyuddin Susanto (udienz) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid3 in Ubuntu. https://bugs.launchpad.net/bugs/907686 Title: CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that only contains header in lucid series To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907686/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs