CVE-2010-0308
Published: 3 February 2010
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
Priority
Status
Package | Release | Status |
---|---|---|
squid Launchpad, Ubuntu, Debian |
dapper |
Released
(2.5.12-4ubuntu2.5)
|
hardy |
Released
(2.6.18-1ubuntu3.1)
|
|
intrepid |
Released
(2.7.STABLE3-1ubuntu2.2)
|
|
jaunty |
Released
(2.7.STABLE3-4.1ubuntu1.1)
|
|
karmic |
Released
(2.7.STABLE6-2ubuntu2.1)
|
|
lucid |
Released
(2.7.STABLE7-1ubuntu6)
|
|
maverick |
Released
(2.7.STABLE7-1ubuntu6)
|
|
natty |
Released
(2.7.STABLE7-1ubuntu6)
|
|
oneiric |
Released
(2.7.STABLE7-1ubuntu6)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch |
||
squid3 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Ignored
(end of life, was needs-triage)
|
|
jaunty |
Released
(3.0.STABLE8-3+lenny4build0.9.04.1)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Released
(3.0.STABLE19-1ubuntu0.2)
|
|
maverick |
Not vulnerable
(3.1.6-1.1ubuntu1)
|
|
natty |
Not vulnerable
(3.1.6-1.1ubuntu1)
|
|
oneiric |
Not vulnerable
(3.1.6-1.1ubuntu1)
|
|
upstream |
Released
(3.1.6-1.1)
|
|
Patches: upstream: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch upstream: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-9853.patch |