SUSE-SU-2014:0569-1: moderate: Security update for squid3
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Thu Apr 24 17:07:54 MDT 2014
SUSE Security Update: Security update for squid3
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0569-1
Rating: moderate
References: #677335 #867533
Cross-References: CVE-2014-0128
Affected Products:
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
A remote DoS attack in the Squid web proxy has been fixed.
Due to incorrect state management, Squid was vulnerable to
a denial of service attack when processing certain HTTPS
requests (CVE-2014-0128).
For more information see
http://www.squid-cache.org/Advisories/SQUID-2014_1.txt
<http://www.squid-cache.org/Advisories/SQUID-2014_1.txt> .
Additionally, a bug in the logrotate configuration file has
been fixed. The 'su' statement was moved into the
'logfile' section (bnc#677335).
Security Issue reference:
* CVE-2014-0128
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0128
>
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-squid3-9138
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-squid3-9138
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
squid3-3.1.12-8.16.18.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
squid3-3.1.12-8.16.18.1
References:
http://support.novell.com/security/cve/CVE-2014-0128.html
https://bugzilla.novell.com/677335
https://bugzilla.novell.com/867533
http://download.suse.com/patch/finder/?keywords=14a8781e229fe9480bf4955e3c10906e
More information about the sle-security-updates
mailing list