CVE-2012-5643

Priority
Description
Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and
3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow
remote attackers to cause a denial of service (memory consumption) via (1)
invalid Content-Length headers, (2) long POST requests, or (3) crafted
authentication credentials.
Notes
jdstrandplease see also see CVE-2013-0189 which is a new CVE for the
incomplete fix
sarnoldThe webserver should be configured to restrict access to
cachemgr.cgi; this script shouldn't be exposed to untrusted users
Package
Source: squid (LP Ubuntu Debian)
Upstream:released (3.2.4, 3.3.0.2)
Patches:
Upstream:http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch (3.1)
Upstream:http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch (3.2)
Binaries built from this source package are in universe and so are supported by the community. For more details see https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support
Package
Upstream:released (3.2.4, 3.3.0.2)
Patches:
Upstream:http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch (3.1)
Upstream:http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch (3.2)
Binaries built from this source package are in universe and so are supported by the community. For more details see https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support
More Information

Updated: 2019-12-05 21:01:27 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)