Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-4051

Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.

Related bugs and status

CVE-2016-4051 (Candidate) is related to these bugs:

Bug #1391159: squid3 is not built with helper /usr/lib/squid3/ext_time_quota_acl

Summary				In	Importance	Status
	1391159	squid3 is not built with helper /usr/lib/squid3/ext_time_quota_acl		squid3 (Ubuntu)	Undecided	Fix Released
	1391159	squid3 is not built with helper /usr/lib/squid3/ext_time_quota_acl		squid3 (Debian)	Undecided	Fix Released

Bug #1644538: Please sync Squid 3.5 latest from Debian

Summary				In	Importance	Status
	1644538	Please sync Squid 3.5 latest from Debian		squid3 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2016042...
MLIST: [oss-security] 2016042...
CONFIRM: http://www.squid-cache...
SECTRACK: 1035646
UBUNTU: USN-2995-1
CONFIRM: http://www.oracle.com/...
BID: 91787
CONFIRM: http://www.oracle.com/...
DEBIAN: DSA-3625
GENTOO: GLSA-201607-01
SUSE: openSUSE-SU-2016:2081
SUSE: SUSE-SU-2016:1996
SUSE: SUSE-SU-2016:2089
BID: 86788
REDHAT: RHSA-2016:1138
REDHAT: RHSA-2016:1139
REDHAT: RHSA-2016:1140