CVE-2016-3948

Related Files

Ubuntu Security Notice USN-5771-1

Posted Dec 12, 2022

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5771-1 - USN-3557-1 fixed vulnerabilities in Squid. This update introduced a regression which could cause the cache log to be filled with many Vary loop messages. This update fixes the problem. Mathias Fischer discovered that Squid incorrectly handled certain long strings in headers. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS.

tags | advisory, remote, denial of service, vulnerability

systems | linux, ubuntu

advisories | CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-3948, CVE-2018-1000024, CVE-2018-1000027

SHA-256 | 18a8aac17d2340eed70314b685221fc08c8fa291d4e28e008072aa320c633084

Download | Favorite | View

Ubuntu Security Notice USN-3557-1

Posted Feb 5, 2018

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3557-1 - Mathias Fischer discovered that Squid incorrectly handled certain long strings in headers. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. William Lima discovered that Squid incorrectly handled XML parsing when processing Edge Side Includes. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service

systems | linux, ubuntu

advisories | CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-3948, CVE-2018-1000024, CVE-2018-1000027

SHA-256 | b169b09181988235b7219070211a4eb39cb8db8a12d583c3e7373490239320ac

Download | Favorite | View

Red Hat Security Advisory 2016-2600-02

Posted Nov 4, 2016

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2600-02 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a newer upstream version: squid. Security Fix: Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response.

tags | advisory, web

systems | linux, redhat

advisories | CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, CVE-2016-3948

SHA-256 | 5857220b4f3365cf00860fe5f394f9ca6eb5325478cdc5ace61d975e958a56fd

Download | Favorite | View

Gentoo Linux Security Advisory 201607-01

Posted Jul 8, 2016

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-1 - Multiple vulnerabilities have been found in Squid, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 3.5.19 are affected.

tags | advisory, denial of service, arbitrary, vulnerability, code execution

systems | linux, gentoo

advisories | CVE-2014-6270, CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, CVE-2016-3947, CVE-2016-3948, CVE-2016-4051, CVE-2016-4052, CVE-2016-4053, CVE-2016-4054, CVE-2016-4553, CVE-2016-4554, CVE-2016-4555, CVE-2016-4556

SHA-256 | f3ed5792a89c6aee3d29169c951a32dfbcc2492998847681a69bf92922eb71d4

Download | Favorite | View