[Secure-testing-team] Bug#553319: CVE-2009-3826, CVE-2009-3700

Giuseppe Iuculano iuculano at debian.org
Fri Oct 30 08:08:32 UTC 2009


Package: squidguard
Severity: serious
Tags: security


Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for squidguard.

CVE-2009-3826[0]:
| Multiple buffer overflows in squidGuard 1.4 allow remote attackers to
| bypass intended URL blocking via a long URL, related to (1) the
| relationship between a certain buffer size in squidGuard and a certain
| buffer size in Squid and (2) a redirect URL that contains information
| about the originally requested URL.

CVE-2009-3700[1]:
| Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote
| attackers to cause a denial of service (application hang or loss of
| blocking functionality) via a long URL with many / (slash) characters,
| related to "emergency mode."

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3826
    http://security-tracker.debian.org/tracker/CVE-2009-3826
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3700
    http://security-tracker.debian.org/tracker/CVE-2009-3700

