{"affected":[{"ecosystem_specific":{"binaries":[{"squid3":"3.1.23-8.16.30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"squid3","purl":"pkg:rpm/suse/squid3&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.1.23-8.16.30.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"squid3":"3.1.23-8.16.30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"squid3","purl":"pkg:rpm/suse/squid3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.1.23-8.16.30.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\n\nThis update for squid3 fixes the following issues:\n\n- Multiple issues in pinger ICMP processing.  (CVE-2014-7141, CVE-2014-7142) \n\n- CVE-2016-3947: Buffer overrun issue in pinger\n    ICMPv6 processing. (bsc#973782)\n\n-  CVE-2016-4554: fix header smuggling issue in HTTP Request processing (bsc#979010)\n\n- Fix multiple Denial of Service issues in HTTP Response processing.\n    (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572,\n     bsc#968392, bsc#968393, bsc#968394, bsc#968395)\n- Regression caused by the DoS fixes above (bsc#993299)\n\n- CVE-2016-3948: Fix denial of service in HTTP Response processing (bsc#973783)\n\n- CVE-2016-4051: fixes buffer overflow in cachemgr.cgi (bsc#976553)\n\n- CVE-2016-4052, CVE-2016-4053, CVE-2016-4054:\n  * fixes multiple issues in ESI processing (bsc#976556)\n\n- CVE-2016-4556: fixes double free vulnerability in Esi.cc (bsc#979008)\n\n- CVE-2015-5400: Improper Protection of Alternate Path (bsc#938715)\n\n- CVE-2014-6270: fix off-by-one in snmp subsystem (bsc#895773)\n\n- Memory leak in squid3 when using external_acl (bsc#976708)\n","id":"SUSE-SU-2016:2089-1","modified":"2016-08-16T12:56:03Z","published":"2016-08-16T12:56:03Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162089-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/895773"},{"type":"REPORT","url":"https://bugzilla.suse.com/902197"},{"type":"REPORT","url":"https://bugzilla.suse.com/938715"},{"type":"REPORT","url":"https://bugzilla.suse.com/963539"},{"type":"REPORT","url":"https://bugzilla.suse.com/967011"},{"type":"REPORT","url":"https://bugzilla.suse.com/968392"},{"type":"REPORT","url":"https://bugzilla.suse.com/968393"},{"type":"REPORT","url":"https://bugzilla.suse.com/968394"},{"type":"REPORT","url":"https://bugzilla.suse.com/968395"},{"type":"REPORT","url":"https://bugzilla.suse.com/973782"},{"type":"REPORT","url":"https://bugzilla.suse.com/973783"},{"type":"REPORT","url":"https://bugzilla.suse.com/976553"},{"type":"REPORT","url":"https://bugzilla.suse.com/976556"},{"type":"REPORT","url":"https://bugzilla.suse.com/976708"},{"type":"REPORT","url":"https://bugzilla.suse.com/979008"},{"type":"REPORT","url":"https://bugzilla.suse.com/979009"},{"type":"REPORT","url":"https://bugzilla.suse.com/979010"},{"type":"REPORT","url":"https://bugzilla.suse.com/979011"},{"type":"REPORT","url":"https://bugzilla.suse.com/993299"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2011-3205"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2011-4096"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2012-5643"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2013-0188"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2013-4115"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-0128"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-6270"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-7141"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-7142"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5400"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2390"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2569"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2570"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2571"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2572"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-3947"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-3948"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4051"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4052"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4053"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4054"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4553"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4554"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4555"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4556"}],"related":["CVE-2011-3205","CVE-2011-4096","CVE-2012-5643","CVE-2013-0188","CVE-2013-4115","CVE-2014-0128","CVE-2014-6270","CVE-2014-7141","CVE-2014-7142","CVE-2015-5400","CVE-2016-2390","CVE-2016-2569","CVE-2016-2570","CVE-2016-2571","CVE-2016-2572","CVE-2016-3947","CVE-2016-3948","CVE-2016-4051","CVE-2016-4052","CVE-2016-4053","CVE-2016-4054","CVE-2016-4553","CVE-2016-4554","CVE-2016-4555","CVE-2016-4556"],"summary":"Security update for squid3","upstream":["CVE-2011-3205","CVE-2011-4096","CVE-2012-5643","CVE-2013-0188","CVE-2013-4115","CVE-2014-0128","CVE-2014-6270","CVE-2014-7141","CVE-2014-7142","CVE-2015-5400","CVE-2016-2390","CVE-2016-2569","CVE-2016-2570","CVE-2016-2571","CVE-2016-2572","CVE-2016-3947","CVE-2016-3948","CVE-2016-4051","CVE-2016-4052","CVE-2016-4053","CVE-2016-4054","CVE-2016-4553","CVE-2016-4554","CVE-2016-4555","CVE-2016-4556"]}