Launchpad CVE tracker

CVE 2016-3947

Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.

Related bugs and status

CVE-2016-3947 (Candidate) is related to these bugs:

Bug #1391159: squid3 is not built with helper /usr/lib/squid3/ext_time_quota_acl

Summary				In	Importance	Status
	1391159	squid3 is not built with helper /usr/lib/squid3/ext_time_quota_acl		squid3 (Ubuntu)	Undecided	Fix Released
	1391159	squid3 is not built with helper /usr/lib/squid3/ext_time_quota_acl		squid3 (Debian)	Undecided	Fix Released

Bug #1644538: Please sync Squid 3.5 latest from Debian

Summary				In	Importance	Status
	1644538	Please sync Squid 3.5 latest from Debian		squid3 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.squid-cache...
CONFIRM: http://www.squid-cache...
CONFIRM: http://www.squid-cache...
CONFIRM: http://www.squid-cache...
CONFIRM: http://www.squid-cache...
CONFIRM: http://www.squid-cache...
SECTRACK: 1035457
UBUNTU: USN-2995-1
GENTOO: GLSA-201607-01
SUSE: openSUSE-SU-2016:2081
SUSE: SUSE-SU-2016:1996
SUSE: SUSE-SU-2016:2089

Launchpad.net

CVE 2016-3947

Related bugs and status

Related bugs

References