FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-20 14:15:46 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
d5b6d151-1887-11e8-94f7-9c5c8e75236a	squid -- Vulnerable to Denial of Service attack Louis Dion-Marcil reports: Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service. Due to unrelated changes Squid-3.5 has become vulnerable to some regular ESI server responses also triggering this issue. This problem is limited to the Squid custom ESI parser. Squid built to use libxml2 or libexpat XML parsers do not have this problem. Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses or downloading intermediate CA certificates. This problem allows a remote client delivering certain HTTP requests in conjunction with certain trusted server responses to trigger a denial of service for all clients accessing the Squid service. Discovery 2017-12-13 Entry 2018-02-23 squid < 3.5.27_3 squid-devel < 4.0.23 http://www.squid-cache.org/Advisories/SQUID-2018_1.txt http://www.squid-cache.org/Advisories/SQUID-2018_2.txt CVE-2018-1000024 CVE-2018-1000027 https://www.debian.org/security/2018/dsa-4122 ports/226138
41f8af15-c8b9-11e6-ae1b-002590263bf5	squid -- multiple vulnerabilities Squid security advisory 2016:10 reports: Due to incorrect comparison of request headers Squid can deliver responses containing private data to clients it should not have reached. This problem allows a remote attacker to discover private and sensitive information about another clients browsing session. Potentially including credentials which allow access to further sensitive resources. This problem only affects Squid configured to use the Collapsed Forwarding feature. It is of particular importance for HTTPS reverse-proxy sites with Collapsed Forwarding. Squid security advisory 2016:11 reports: Due to incorrect HTTP conditional request handling Squid can deliver responses containing private data to clients it should not have reached. This problem allows a remote attacker to discover private and sensitive information about another clients browsing session. Potentially including credentials which allow access to further sensitive resources.. Discovery 2016-12-16 Entry 2016-12-23 squid >= 3.1 lt 3.5.23 squid-devel >= 4.0 lt 4.0.17 CVE-2016-10002 CVE-2016-10003 ports/215416 ports/215418 http://www.squid-cache.org/Advisories/SQUID-2016_10.txt http://www.squid-cache.org/Advisories/SQUID-2016_11.txt

VuXML ID

Description

d5b6d151-1887-11e8-94f7-9c5c8e75236a

squid -- Vulnerable to Denial of Service attack

Louis Dion-Marcil reports:

Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses.

This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service.

Due to unrelated changes Squid-3.5 has become vulnerable to some regular ESI server responses also triggering this issue.

This problem is limited to the Squid custom ESI parser. Squid built to use libxml2 or libexpat XML parsers do not have this problem.

Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses or downloading intermediate CA certificates.

This problem allows a remote client delivering certain HTTP requests in conjunction with certain trusted server responses to trigger a denial of service for all clients accessing the Squid service.

Discovery 2017-12-13
Entry 2018-02-23
squid

< 3.5.27_3

squid-devel

< 4.0.23

http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
CVE-2018-1000024
CVE-2018-1000027
https://www.debian.org/security/2018/dsa-4122
ports/226138

41f8af15-c8b9-11e6-ae1b-002590263bf5

squid -- multiple vulnerabilities

Squid security advisory 2016:10 reports:

Due to incorrect comparison of request headers Squid can deliver responses containing private data to clients it should not have reached.

This problem allows a remote attacker to discover private and sensitive information about another clients browsing session. Potentially including credentials which allow access to further sensitive resources. This problem only affects Squid configured to use the Collapsed Forwarding feature. It is of particular importance for HTTPS reverse-proxy sites with Collapsed Forwarding.

Squid security advisory 2016:11 reports:

Due to incorrect HTTP conditional request handling Squid can deliver responses containing private data to clients it should not have reached.

This problem allows a remote attacker to discover private and sensitive information about another clients browsing session. Potentially including credentials which allow access to further sensitive resources..

Discovery 2016-12-16
Entry 2016-12-23
squid

>= 3.1 lt 3.5.23

squid-devel

>= 4.0 lt 4.0.17

CVE-2016-10002
CVE-2016-10003
ports/215416
ports/215418
http://www.squid-cache.org/Advisories/SQUID-2016_10.txt
http://www.squid-cache.org/Advisories/SQUID-2016_11.txt