{"id":"MGASA-2013-0228","summary":"Updated squid packages fix security vulnerabilities","details":"Due to incorrect data validation Squid is vulnerable to a buffer overflow\nattack when processing specially crafted HTTP requests. This problem allows\nany trusted client or client script who can generate HTTP requests to trigger\na buffer overflow in Squid, resulting in a termination of the Squid service\n(CVE-2013-4115).\n\nDue to incorrect data validation Squid is vulnerable to a denial of service\nattack when processing specially crafted HTTP requests. This problem allows\nany client who can generate HTTP requests to perform a denial of service\nattack on the Squid service (CVE-2013-4123).\n\nAlso, due to being renamed in Squid 3.2, the Squid external acl helpers for\nmatching against IP addresses and LDAP groups were not selected to be built\nin the squid package for Mageia 3.\n\nThis has been corrected and these helpers are now included.  Additionally,\nthe helpers for eDirectory IP address lookups and matching LDAP groups using\nKerberos credentials have also been included.\n","modified":"2026-04-16T06:25:58.294820597Z","published":"2013-07-21T20:18:36Z","upstream":["CVE-2013-4115","CVE-2013-4123"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0228.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=10516"},{"type":"WEB","url":"http://www.squid-cache.org/Advisories/SQUID-2013_2.txt"},{"type":"WEB","url":"http://www.squid-cache.org/Advisories/SQUID-2013_3.txt"},{"type":"WEB","url":"ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.2/squid-3.2.0.9-RELEASENOTES.html#ss2.4"},{"type":"WEB","url":"http://www.squid-cache.org/Doc/man/"}],"affected":[{"package":{"name":"squid","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/squid?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.10-1.4.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0228.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}