FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  485425
Date:      2018-11-20
Time:      10:23:04Z
Committer: krion

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
d3324c55-3f11-11e4-ad16-001999f8d30bsquid -- Buffer overflow in SNMP processing

The squid-cache project reports:

Due to incorrect buffer management Squid can be caused by an attacker to write outside its allocated SNMP buffer.


Discovery 2014-09-15
Entry 2014-09-18
squid
lt 3.4.8

squid32
gt 0

squid33
lt 3.3.13_2

http://www.squid-cache.org/Advisories/SQUID-2014_3.txt
CVE-2014-6270
d5b6d151-1887-11e8-94f7-9c5c8e75236asquid -- Vulnerable to Denial of Service attack

Louis Dion-Marcil reports:

Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses.

This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service.

Due to unrelated changes Squid-3.5 has become vulnerable to some regular ESI server responses also triggering this issue.

This problem is limited to the Squid custom ESI parser. Squid built to use libxml2 or libexpat XML parsers do not have this problem.

Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses or downloading intermediate CA certificates.

This problem allows a remote client delivering certain HTTP requests in conjunction with certain trusted server responses to trigger a denial of service for all clients accessing the Squid service.


Discovery 2017-12-13
Entry 2018-02-23
squid
lt 3.5.27_3

squid-devel
lt 4.0.23

http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
CVE-2018-1000024
CVE-2018-1000027
https://www.debian.org/security/2018/dsa-4122
ports/226138
e4dac715-c818-11df-a92c-0015587e2cc1squid -- Denial of service vulnerability in request handling

Squid security advisory 2010:3 reports:

Due to an internal error in string handling Squid is vulnerable to a denial of service attack when processing specially crafted requests.

This problem allows any trusted client to perform a denial of service attack on the Squid service.


Discovery 2010-08-30
Entry 2010-09-24
squid
ge 3.0.1 lt 3.0.25_3

ge 3.1.0.1 lt 3.1.8

CVE-2010-3072
http://www.squid-cache.org/Advisories/SQUID-2010_3.txt
e05bfc92-0763-11e6-94fa-002590263bf5squid -- multiple vulnerabilities

Squid security advisory 2016:5 reports:

Due to incorrect buffer management Squid cachemgr.cgi tool is vulnerable to a buffer overflow when processing remotely supplied inputs relayed to it from Squid.

This problem allows any client to seed the Squid manager reports with data that will cause a buffer overflow when processed by the cachemgr.cgi tool. However, this does require manual administrator actions to take place. Which greatly reduces the impact and possible uses.

Squid security advisory 2016:6 reports:

Due to buffer overflow issues Squid is vulnerable to a denial of service attack when processing ESI responses. Due to incorrect input validation Squid is vulnerable to public information disclosure of the server stack layout when processing ESI responses. Due to incorrect input validation and buffer overflow Squid is vulnerable to remote code execution when processing ESI responses.

These problems allow ESI components to be used to perform a denial of service attack on the Squid service and all other services on the same machine. Under certain build conditions these problems allow remote clients to view large sections of the server memory. However, the bugs are exploitable only if you have built and configured the ESI features to be used by a reverse-proxy and if the ESI components being processed by Squid can be controlled by an attacker.


Discovery 2016-04-20
Entry 2016-04-21
squid
lt 3.5.17

CVE-2016-4051
CVE-2016-4052
CVE-2016-4053
CVE-2016-4054
ports/208939
http://www.squid-cache.org/Advisories/SQUID-2016_5.txt
http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
e4dac715-c818-11df-a92c-0015587e2cc1squid -- Denial of service vulnerability in request handling

Squid security advisory 2010:3 reports:

Due to an internal error in string handling Squid is vulnerable to a denial of service attack when processing specially crafted requests.

This problem allows any trusted client to perform a denial of service attack on the Squid service.


Discovery 2010-08-30
Entry 2010-09-24
squid
ge 3.0.1 lt 3.0.25_3

ge 3.1.0.1 lt 3.1.8

CVE-2010-3072
http://www.squid-cache.org/Advisories/SQUID-2010_3.txt
297117ba-f92d-11e5-92ce-002590263bf5squid -- multiple vulnerabilities

Squid security advisory 2016:3 reports:

Due to a buffer overrun Squid pinger binary is vulnerable to denial of service or information leak attack when processing ICMPv6 packets.

This bug also permits the server response to manipulate other ICMP and ICMPv6 queries processing to cause information leak.

This bug allows any remote server to perform a denial of service attack on the Squid service by crashing the pinger. This may affect Squid HTTP routing decisions. In some configurations, sub-optimal routing decisions may result in serious service degradation or even transaction failures.

If the system does not contain buffer-overrun protection leading to that crash this bug will instead allow attackers to leak arbitrary amounts of information from the heap into Squid log files. This is of higher importance than usual because the pinger process operates with root priviliges.

Squid security advisory 2016:4 reports:

Due to incorrect bounds checking Squid is vulnerable to a denial of service attack when processing HTTP responses.

This problem allows a malicious client script and remote server delivering certain unusual HTTP response syntax to trigger a denial of service for all clients accessing the Squid service.


Discovery 2016-03-28
Entry 2016-04-02
squid
lt 3.5.16

CVE-2016-3947
CVE-2016-3948
ports/208463
http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
http://www.squid-cache.org/Advisories/SQUID-2016_4.txt
660ebbf5-daeb-11e5-b2bd-002590263bf5squid -- remote DoS in HTTP response processing

Squid security advisory 2016:2 reports:

Due to incorrect bounds checking Squid is vulnerable to a denial of service attack when processing HTTP responses.

These problems allow remote servers delivering certain unusual HTTP response syntax to trigger a denial of service for all clients accessing the Squid service.

HTTP responses containing malformed headers that trigger this issue are becoming common. We are not certain at this time if that is a sign of malware or just broken server scripting.


Discovery 2016-02-24
Entry 2016-02-24
Modified 2016-02-28
squid
lt 3.5.15

CVE-2016-2569
CVE-2016-2570
CVE-2016-2571
ports/207454
http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
http://www.openwall.com/lists/oss-security/2016/02/24/12
41f8af15-c8b9-11e6-ae1b-002590263bf5squid -- multiple vulnerabilities

Squid security advisory 2016:10 reports:

Due to incorrect comparison of request headers Squid can deliver responses containing private data to clients it should not have reached.

This problem allows a remote attacker to discover private and sensitive information about another clients browsing session. Potentially including credentials which allow access to further sensitive resources. This problem only affects Squid configured to use the Collapsed Forwarding feature. It is of particular importance for HTTPS reverse-proxy sites with Collapsed Forwarding.

Squid security advisory 2016:11 reports:

Due to incorrect HTTP conditional request handling Squid can deliver responses containing private data to clients it should not have reached.

This problem allows a remote attacker to discover private and sensitive information about another clients browsing session. Potentially including credentials which allow access to further sensitive resources..


Discovery 2016-12-16
Entry 2016-12-23
squid
ge 3.1 lt 3.5.23

squid-devel
ge 4.0 lt 4.0.17

CVE-2016-10002
CVE-2016-10003
ports/215416
ports/215418
http://www.squid-cache.org/Advisories/SQUID-2016_10.txt
http://www.squid-cache.org/Advisories/SQUID-2016_11.txt
c37de843-488e-11e2-a5c9-0019996bc1f7squid -- denial of service

Squid developers report:

Due to missing input validation Squid cachemgr.cgi tool is vulnerable to a denial of service attack when processing specially crafted requests.

This problem allows any client able to reach the cachemgr.cgi to perform a denial of service attack on the service host.

The nature of the attack may cause secondary effects through resource consumption on the host server.


Discovery 2012-12-17
Entry 2012-12-28
Modified 2013-05-02
squid
lt 2.7.9_4

ge 3.1 lt 3.1.23

ge 3.2 lt 3.2.6

ge 3.3 lt 3.3.0.3

CVE-2012-5643
CVE-2013-0189
http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
25e5205b-1447-11e6-9ead-6805ca0b3d42squid -- multiple vulnerabilities

The squid development team reports:

Please reference CVE/URL list for details


Discovery 2016-05-06
Entry 2016-05-07
Modified 2016-05-09
squid
ge 3.0.0 lt 3.5.18

squid-devel
ge 4.0.0 lt 4.0.10

CVE-2016-4553
CVE-2016-4554
CVE-2016-4555
CVE-2016-4556
http://www.squid-cache.org/Advisories/SQUID-2016_7.txt
http://www.squid-cache.org/Advisories/SQUID-2016_8.txt
http://www.squid-cache.org/Advisories/SQUID-2016_9.txt
150d1538-23fa-11e5-a4a5-002590263bf5squid -- Improper Protection of Alternate Path with CONNECT requests

Squid security advisory 2015:2 reports:

Squid configured with cache_peer and operating on explicit proxy traffic does not correctly handle CONNECT method peer responses.

The bug is important because it allows remote clients to bypass security in an explicit gateway proxy.

However, the bug is exploitable only if you have configured cache_peer to receive CONNECT requests.


Discovery 2015-07-06
Entry 2015-07-06
Modified 2015-07-17
squid
lt 3.5.6

http://www.squid-cache.org/Advisories/SQUID-2015_2.txt
CVE-2015-5400