Gentoo 2510 Published by

The following security updates has been released for Gentoo Linux: [ GLSA 201309-24 ] Xen: Multiple vulnerabilities, [ GLSA 201309-23 ] Mozilla Products: Multiple vulnerabilities, and [ GLSA 201309-22 ] Squid: Multiple vulnerabilities



[ GLSA 201309-24 ] Xen: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201309-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Xen: Multiple vulnerabilities
Date: September 27, 2013
Bugs: #385319, #386371, #420875, #431156, #454314, #464724,
#472214, #482860
ID: 201309-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Xen, allowing attackers on
a Xen Virtual Machine to execute arbitrary code, cause Denial of
Service, or gain access to data on the host.

Background
==========

Xen is a bare-metal hypervisor.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/xen < 4.2.2-r1 >= 4.2.2-r1
2 app-emulation/xen-tools < 4.2.2-r3 >= 4.2.2-r3
3 app-emulation/xen-pvgrub
< 4.2.2-r1 >= 4.2.2-r1
-------------------------------------------------------------------
3 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Xen. Please review the
CVE identifiers referenced below for details.

Impact
======

Guest domains could possibly gain privileges, execute arbitrary code,
or cause a Denial of Service on the host domain (Dom0). Additionally,
guest domains could gain information about other virtual machines
running on the same host or read arbitrary files on the host.

Workaround
==========

The CVEs listed below do not currently have fixes, but only apply to
Xen setups which have "tmem" specified on the hypervisor command line.
TMEM is not currently supported for use in production systems, and
administrators using tmem should disable it.
Relevant CVEs:
* CVE-2012-2497
* CVE-2012-6030
* CVE-2012-6031
* CVE-2012-6032
* CVE-2012-6033
* CVE-2012-6034
* CVE-2012-6035
* CVE-2012-6036

Resolution
==========

All Xen users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.2.2-r1"

All Xen-tools users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.2.2-r3"

All Xen-pvgrub users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=app-emulation/xen-pvgrub-4.2.2-r1"

References
==========

[ 1 ] CVE-2011-2901
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2901
[ 2 ] CVE-2011-3262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3262
[ 3 ] CVE-2011-3262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3262
[ 4 ] CVE-2012-0217
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0217
[ 5 ] CVE-2012-0218
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0218
[ 6 ] CVE-2012-2934
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2934
[ 7 ] CVE-2012-3432
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3432
[ 8 ] CVE-2012-3433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3433
[ 9 ] CVE-2012-3494
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3494
[ 10 ] CVE-2012-3495
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3495
[ 11 ] CVE-2012-3496
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3496
[ 12 ] CVE-2012-3497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3497
[ 13 ] CVE-2012-3498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3498
[ 14 ] CVE-2012-3515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3515
[ 15 ] CVE-2012-4411
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4411
[ 16 ] CVE-2012-4535
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4535
[ 17 ] CVE-2012-4536
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4536
[ 18 ] CVE-2012-4537
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4537
[ 19 ] CVE-2012-4538
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4538
[ 20 ] CVE-2012-4539
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4539
[ 21 ] CVE-2012-5510
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5510
[ 22 ] CVE-2012-5511
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5511
[ 23 ] CVE-2012-5512
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5512
[ 24 ] CVE-2012-5513
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5513
[ 25 ] CVE-2012-5514
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5514
[ 26 ] CVE-2012-5515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5515
[ 27 ] CVE-2012-5525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5525
[ 28 ] CVE-2012-5634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5634
[ 29 ] CVE-2012-6030
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6030
[ 30 ] CVE-2012-6031
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6031
[ 31 ] CVE-2012-6032
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6032
[ 32 ] CVE-2012-6033
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6033
[ 33 ] CVE-2012-6034
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6034
[ 34 ] CVE-2012-6035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6035
[ 35 ] CVE-2012-6036
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6036
[ 36 ] CVE-2012-6075
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6075
[ 37 ] CVE-2012-6333
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6333
[ 38 ] CVE-2013-0151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0151
[ 39 ] CVE-2013-0152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0152
[ 40 ] CVE-2013-0153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0153
[ 41 ] CVE-2013-0154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0154
[ 42 ] CVE-2013-0215
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0215
[ 43 ] CVE-2013-1432
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1432
[ 44 ] CVE-2013-1917
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1917
[ 45 ] CVE-2013-1918
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1918
[ 46 ] CVE-2013-1919
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1919
[ 47 ] CVE-2013-1920
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1920
[ 48 ] CVE-2013-1922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1922
[ 49 ] CVE-2013-1952
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1952
[ 50 ] CVE-2013-1964
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1964
[ 51 ] CVE-2013-2076
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2076
[ 52 ] CVE-2013-2077
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2077
[ 53 ] CVE-2013-2078
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2078
[ 54 ] CVE-2013-2194
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2194
[ 55 ] CVE-2013-2195
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2195
[ 56 ] CVE-2013-2196
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2196
[ 57 ] CVE-2013-2211
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2211
[ 58 ] Xen TMEM
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201309-24.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[ GLSA 201309-23 ] Mozilla Products: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201309-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Mozilla Products: Multiple vulnerabilities
Date: September 27, 2013
Bugs: #450940, #458390, #460818, #464226, #469868, #474758,
#479968, #485258
ID: 201309-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, and SeaMonkey, some of which may allow a remote user to
execute arbitrary code.

Background
==========

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project. The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as the
'Mozilla Application Suite'.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 mail-client/thunderbird < 17.0.9 >= 17.0.9
2 www-client/firefox < 17.0.9 >= 17.0.9
3 www-client/seamonkey < 2.21 >= 2.21
4 mail-client/thunderbird-bin
< 17.0.9 >= 17.0.9
5 www-client/firefox-bin < 17.0.9 >= 17.0.9
6 www-client/seamonkey-bin
< 2.21 >= 2.21
-------------------------------------------------------------------
6 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox,
Thunderbird, and SeaMonkey. Please review the CVE identifiers
referenced below for details.

Impact
======

A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition. Further, a remote attacker could conduct
XSS attacks, spoof URLs, bypass address space layout randomization,
conduct clickjacking attacks, obtain potentially sensitive information,
bypass access restrictions, modify the local filesystem, or conduct
other unspecified attacks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-17.0.9"

All users of the Mozilla Firefox binary package should upgrade to the
latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-17.0.9"

All Mozilla Thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-17.0.9"

All users of the Mozilla Thunderbird binary package should upgrade to
the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-17.0.9"

All SeaMonkey users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.21"

All users of the Mozilla SeaMonkey binary package should upgrade to the
latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.21"

References
==========

[ 1 ] CVE-2013-0744
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0744
[ 2 ] CVE-2013-0745
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0745
[ 3 ] CVE-2013-0746
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0746
[ 4 ] CVE-2013-0747
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0747
[ 5 ] CVE-2013-0748
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0748
[ 6 ] CVE-2013-0749
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0749
[ 7 ] CVE-2013-0750
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0750
[ 8 ] CVE-2013-0751
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0751
[ 9 ] CVE-2013-0752
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0752
[ 10 ] CVE-2013-0753
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0753
[ 11 ] CVE-2013-0754
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0754
[ 12 ] CVE-2013-0755
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0755
[ 13 ] CVE-2013-0756
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0756
[ 14 ] CVE-2013-0757
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0757
[ 15 ] CVE-2013-0758
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0758
[ 16 ] CVE-2013-0759
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0759
[ 17 ] CVE-2013-0760
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0760
[ 18 ] CVE-2013-0761
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0761
[ 19 ] CVE-2013-0762
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0762
[ 20 ] CVE-2013-0763
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0763
[ 21 ] CVE-2013-0764
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0764
[ 22 ] CVE-2013-0765
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0765
[ 23 ] CVE-2013-0766
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0766
[ 24 ] CVE-2013-0767
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0767
[ 25 ] CVE-2013-0768
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0768
[ 26 ] CVE-2013-0769
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0769
[ 27 ] CVE-2013-0770
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0770
[ 28 ] CVE-2013-0771
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0771
[ 29 ] CVE-2013-0772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0772
[ 30 ] CVE-2013-0773
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0773
[ 31 ] CVE-2013-0774
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0774
[ 32 ] CVE-2013-0775
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0775
[ 33 ] CVE-2013-0776
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0776
[ 34 ] CVE-2013-0777
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0777
[ 35 ] CVE-2013-0778
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0778
[ 36 ] CVE-2013-0779
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0779
[ 37 ] CVE-2013-0780
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0780
[ 38 ] CVE-2013-0781
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0781
[ 39 ] CVE-2013-0782
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0782
[ 40 ] CVE-2013-0783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0783
[ 41 ] CVE-2013-0784
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0784
[ 42 ] CVE-2013-0787
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0787
[ 43 ] CVE-2013-0788
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0788
[ 44 ] CVE-2013-0789
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0789
[ 45 ] CVE-2013-0791
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0791
[ 46 ] CVE-2013-0792
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0792
[ 47 ] CVE-2013-0793
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0793
[ 48 ] CVE-2013-0794
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0794
[ 49 ] CVE-2013-0795
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0795
[ 50 ] CVE-2013-0796
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0796
[ 51 ] CVE-2013-0797
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0797
[ 52 ] CVE-2013-0799
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0799
[ 53 ] CVE-2013-0800
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0800
[ 54 ] CVE-2013-0801
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0801
[ 55 ] CVE-2013-1670
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1670
[ 56 ] CVE-2013-1671
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1671
[ 57 ] CVE-2013-1674
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1674
[ 58 ] CVE-2013-1675
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1675
[ 59 ] CVE-2013-1676
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1676
[ 60 ] CVE-2013-1677
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1677
[ 61 ] CVE-2013-1678
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1678
[ 62 ] CVE-2013-1679
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1679
[ 63 ] CVE-2013-1680
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1680
[ 64 ] CVE-2013-1681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1681
[ 65 ] CVE-2013-1682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1682
[ 66 ] CVE-2013-1684
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1684
[ 67 ] CVE-2013-1687
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1687
[ 68 ] CVE-2013-1690
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1690
[ 69 ] CVE-2013-1692
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1692
[ 70 ] CVE-2013-1693
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1693
[ 71 ] CVE-2013-1694
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1694
[ 72 ] CVE-2013-1697
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1697
[ 73 ] CVE-2013-1701
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1701
[ 74 ] CVE-2013-1702
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1702
[ 75 ] CVE-2013-1704
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1704
[ 76 ] CVE-2013-1705
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1705
[ 77 ] CVE-2013-1707
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1707
[ 78 ] CVE-2013-1708
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1708
[ 79 ] CVE-2013-1709
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1709
[ 80 ] CVE-2013-1710
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1710
[ 81 ] CVE-2013-1711
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1711
[ 82 ] CVE-2013-1712
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1712
[ 83 ] CVE-2013-1713
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1713
[ 84 ] CVE-2013-1714
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1714
[ 85 ] CVE-2013-1717
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1717
[ 86 ] CVE-2013-1718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1718
[ 87 ] CVE-2013-1719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1719
[ 88 ] CVE-2013-1720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1720
[ 89 ] CVE-2013-1722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1722
[ 90 ] CVE-2013-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1723
[ 91 ] CVE-2013-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1724
[ 92 ] CVE-2013-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1725
[ 93 ] CVE-2013-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1726
[ 94 ] CVE-2013-1728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1728
[ 95 ] CVE-2013-1730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1730
[ 96 ] CVE-2013-1732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1732
[ 97 ] CVE-2013-1735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1735
[ 98 ] CVE-2013-1736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1736
[ 99 ] CVE-2013-1737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1737
[ 100 ] CVE-2013-1738
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1738

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201309-23.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[ GLSA 201309-22 ] Squid: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201309-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Squid: Multiple vulnerabilities
Date: September 27, 2013
Bugs: #261208, #389133, #447596, #452584, #461492, #476562, #476960
ID: 201309-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Squid, possibly resulting
in remote Denial of Service.

Background
==========

Squid is a full-featured web proxy cache.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-proxy/squid < 3.2.13 >= 3.2.13

Description
===========

Multiple vulnerabilities have been discovered in Squid. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker may be able to bypass ACL restrictions or cause a
Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Squid users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/squid-3.2.13"

References
==========

[ 1 ] CVE-2009-0801
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0801
[ 2 ] CVE-2011-4096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4096
[ 3 ] CVE-2012-5643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5643
[ 4 ] CVE-2013-0189
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0189
[ 5 ] CVE-2013-1839
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1839
[ 6 ] CVE-2013-4115
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4115
[ 7 ] CVE-2013-4123
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4123

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201309-22.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5