CVE-2014-7142
Published: 23 September 2014
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
Notes
Author | Note |
---|---|
mdeslaur | pinger utility only started shipping in saucy |
Priority
Status
Package | Release | Status |
---|---|---|
squid Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
lucid |
Not vulnerable
(code not present)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
utopic |
Does not exist
|
|
squid3 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
lucid |
Not vulnerable
(code not shipped)
|
|
precise |
Not vulnerable
(code not shipped)
|
|
trusty |
Does not exist
(trusty was released [3.3.8-1ubuntu6.2])
|
|
utopic |
Released
(3.3.8-1ubuntu8.1)
|
|
Patches: upstream: http://bazaar.launchpad.net/~squid/squid/trunk/revision/13583 (trunk) upstream: http://bazaar.launchpad.net/~squid/squid/3.2/revision/11830 (3.2) |