bug-guix
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47142: squid package vulnerable to CVE-2021-28116


From: Mark H Weaver
Subject: bug#47142: squid package vulnerable to CVE-2021-28116
Date: Sun, 14 Mar 2021 17:34:38 -0400

I'm forwarding this to bug-guix@gnu.org so that it won't be forgotten.

      Mark

-------------------- Start of forwarded message --------------------
Subject: squid package vulnerable to CVE-2021-28116
From: Léo Le Bouter <lle-bout@zaclys.net>
To: guix-devel@gnu.org
Date: Wed, 10 Mar 2021 01:22:51 +0100

CVE-2021-28116  09.03.21 23:15
Squid through 4.14 and 5.x through 5.0.5, in some configurations,
allows information disclosure because of an out-of-bounds read in WCCP
protocol data. This can be leveraged as part of a chain for remote code
execution as nobody.

Upstream did not release a patch yet. CVE entry to be monitored for a
fix.

https://www.zerodayinitiative.com/advisories/ZDI-21-157/ - says it is a
low impact issue.

Attachment: signature.asc
Description: This is a digitally signed message part

-------------------- End of forwarded message --------------------

reply via email to

[Prev in Thread] Current Thread [Next in Thread]