Test ID:	1.3.6.1.4.1.25623.1.0.70787
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 201110-24 (Squid)
Summary:	The remote host is missing updates announced in;advisory GLSA 201110-24.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 201110-24. Vulnerability Insight: Multiple vulnerabilities were found in Squid allowing attackers to execute arbitrary code or cause a Denial of Service. Solution: All squid users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-proxy/squid-3.1.15' NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 4, 2011. It is likely that your system is already no longer affected by this issue. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2621 BugTraq ID: 35812 http://www.securityfocus.com/bid/35812 http://www.mandriva.com/security/advisories?name=MDVSA-2009:161 http://www.mandriva.com/security/advisories?name=MDVSA-2009:178 http://www.securitytracker.com/id?1022607 http://secunia.com/advisories/36007 http://www.vupen.com/english/advisories/2009/2013 Common Vulnerability Exposure (CVE) ID: CVE-2009-2622 Common Vulnerability Exposure (CVE) ID: CVE-2009-2855 BugTraq ID: 36091 http://www.securityfocus.com/bid/36091 http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=diff;att=1;bug=534982 http://www.squid-cache.org/bugs/show_bug.cgi?id=2704 http://www.openwall.com/lists/oss-security/2009/07/20/10 http://www.openwall.com/lists/oss-security/2009/08/03/3 http://www.openwall.com/lists/oss-security/2009/08/04/6 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592 http://www.securitytracker.com/id?1022757 XForce ISS Database: squid-strlistgetitem-dos(52610) https://exchange.xforce.ibmcloud.com/vulnerabilities/52610 Common Vulnerability Exposure (CVE) ID: CVE-2010-0308 1023520 http://www.securitytracker.com/id?1023520 37522 http://www.securityfocus.com/bid/37522 38451 http://secunia.com/advisories/38451 38455 http://secunia.com/advisories/38455 62044 http://osvdb.org/62044 ADV-2010-0260 http://www.vupen.com/english/advisories/2010/0260 http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf http://www.squid-cache.org/Advisories/SQUID-2010_1.txt http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-9853.patch oval:org.mitre.oval:def:11270 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11270 squid-dns-dos(56001) https://exchange.xforce.ibmcloud.com/vulnerabilities/56001 Common Vulnerability Exposure (CVE) ID: CVE-2010-0639 BugTraq ID: 38212 http://www.securityfocus.com/bid/38212 http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html http://bugs.squid-cache.org/show_bug.cgi?id=2858 http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch http://osvdb.org/62297 http://www.securitytracker.com/id?1023587 http://secunia.com/advisories/38812 http://www.vupen.com/english/advisories/2010/0371 http://www.vupen.com/english/advisories/2010/0603 Common Vulnerability Exposure (CVE) ID: CVE-2010-2951 [oss-security] 20100824 CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present http://www.openwall.com/lists/oss-security/2010/08/24/6 [oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present http://www.openwall.com/lists/oss-security/2010/08/24/7 http://www.openwall.com/lists/oss-security/2010/08/25/2 http://www.openwall.com/lists/oss-security/2010/08/25/6 [squid-users] 20100824 Squid 3.1.7 is available http://marc.info/?l=squid-users&m=128263555724981&w=2 http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072 http://bugs.gentoo.org/show_bug.cgi?id=334263 http://bugs.squid-cache.org/show_bug.cgi?id=3009 http://bugs.squid-cache.org/show_bug.cgi?id=3021 http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch https://bugzilla.redhat.com/show_bug.cgi?id=626927 Common Vulnerability Exposure (CVE) ID: CVE-2010-3072 41298 http://secunia.com/advisories/41298 41477 http://secunia.com/advisories/41477 41534 http://secunia.com/advisories/41534 42982 http://www.securityfocus.com/bid/42982 ADV-2010-2433 http://www.vupen.com/english/advisories/2010/2433 DSA-2111 http://www.debian.org/security/2010/dsa-2111 FEDORA-2010-14222 http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html FEDORA-2010-14236 http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html SUSE-SR:2010:019 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html [oss-security] 20100905 CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3) http://www.openwall.com/lists/oss-security/2010/09/05/2 [oss-security] 20100907 Re: CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3) http://www.openwall.com/lists/oss-security/2010/09/07/7 http://www.squid-cache.org/Advisories/SQUID-2010_3.txt http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch https://bugzilla.redhat.com/show_bug.cgi?id=630444 Common Vulnerability Exposure (CVE) ID: CVE-2011-3205 1025981 http://securitytracker.com/id?1025981 45805 http://secunia.com/advisories/45805 45906 http://secunia.com/advisories/45906 45920 http://secunia.com/advisories/45920 45965 http://secunia.com/advisories/45965 46029 http://secunia.com/advisories/46029 49356 http://www.securityfocus.com/bid/49356 74847 http://www.osvdb.org/74847 DSA-2304 http://www.debian.org/security/2011/dsa-2304 FEDORA-2011-11854 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html MDVSA-2011:150 http://www.mandriva.com/security/advisories?name=MDVSA-2011:150 RHSA-2011:1293 http://www.redhat.com/support/errata/RHSA-2011-1293.html SUSE-SU-2011:1019 http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html SUSE-SU-2016:1996 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html SUSE-SU-2016:2089 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html [oss-security] 20110829 CVE-request(?): squid: buffer overflow in Gopher reply parser http://openwall.com/lists/oss-security/2011/08/29/2 [oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser http://openwall.com/lists/oss-security/2011/08/30/4 http://openwall.com/lists/oss-security/2011/08/30/8 http://www.squid-cache.org/Advisories/SQUID-2011_3.txt http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch https://bugzilla.redhat.com/show_bug.cgi?id=734583 openSUSE-SU-2011:1018 http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html
Copyright	Copyright (C) 2012 E-Soft Inc.

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.