[Bug 907686] [NEW] CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that only contains header in lucid series
Mahyuddin Susanto
saya at udienz.web.id
Thu Dec 22 09:13:44 UTC 2011
Public bug reported:
Description:
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through
3.1.0.15 allows remote attackers to cause a denial of service (assertion
failure) via a crafted DNS packet that only contains a header.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0308
http://www.squid-cache.org/Advisories/SQUID-2010_1.txt
http://www.ubuntu.com/usn/usn-901-1
Upstream patch:
http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch
** Affects: squid3 (Ubuntu)
Importance: Undecided
Assignee: Mahyuddin Susanto (udienz)
Status: In Progress
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0308
** Changed in: squid3 (Ubuntu)
Status: New => In Progress
** Changed in: squid3 (Ubuntu)
Assignee: (unassigned) => Mahyuddin Susanto (udienz)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to squid3 in Ubuntu.
https://bugs.launchpad.net/bugs/907686
Title:
CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that
only contains header in lucid series
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907686/+subscriptions
More information about the Ubuntu-server-bugs
mailing list