Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-0128

Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.

Related bugs and status

CVE-2014-0128 (Candidate) is related to these bugs:

Bug #1547640: proxy tries ipv6 and gets 503 when no ipv6 routes

		In	Importance	Status
1547640	proxy tries ipv6 and gets 503 when no ipv6 routes	squid3 (Ubuntu)	High	Fix Released
1547640	proxy tries ipv6 and gets 503 when no ipv6 routes	squid3 (Ubuntu Trusty)	High	Fix Released
1547640	proxy tries ipv6 and gets 503 when no ipv6 routes	squid3 (Ubuntu Xenial)	High	Fix Released
1547640	proxy tries ipv6 and gets 503 when no ipv6 routes	squid3 (Ubuntu Wily)	Medium	Fix Released
1547640	proxy tries ipv6 and gets 503 when no ipv6 routes	squid3 (Ubuntu Precise)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.squid-cache...
SUSE: openSUSE-SU-2014:0513
SECUNIA: 57288
SECUNIA: 57889
CONFIRM: http://www.oracle.com/...
SUSE: SUSE-SU-2016:1996
SUSE: SUSE-SU-2016:2089
BID: 66112
SUSE: openSUSE-SU-2014:0559