Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2014-7141

Published: 23 September 2014

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.

Notes

AuthorNote
mdeslaur
pinger utility only started shipping in saucy

Priority

Low

Status

Package Release Status
squid
Launchpad, Ubuntu, Debian
upstream Needs triage

lucid Not vulnerable
(code not present)
precise Does not exist

trusty Does not exist

utopic Does not exist

squid3
Launchpad, Ubuntu, Debian
upstream Needs triage

lucid Not vulnerable
(code not shipped)
precise Not vulnerable
(code not shipped)
trusty Does not exist
(trusty was released [3.3.8-1ubuntu6.2])
utopic
Released (3.3.8-1ubuntu8.1)
Patches:
upstream: http://bazaar.launchpad.net/~squid/squid/trunk/revision/13583 (trunk)
upstream: http://bazaar.launchpad.net/~squid/squid/3.2/revision/11830 (3.2)