CVE-2010-0308

Publication date 3 February 2010

Last updated 24 July 2024

Ubuntu priority

lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
squid	11.10 oneiric	Fixed 2.7.STABLE7-1ubuntu6
	11.04 natty	Fixed 2.7.STABLE7-1ubuntu6
	10.10 maverick	Fixed 2.7.STABLE7-1ubuntu6
	10.04 LTS lucid	Fixed 2.7.STABLE7-1ubuntu6
	9.10 karmic	Fixed 2.7.STABLE6-2ubuntu2.1
	9.04 jaunty	Fixed 2.7.STABLE3-4.1ubuntu1.1
	8.10 intrepid	Fixed 2.7.STABLE3-1ubuntu2.2
	8.04 LTS hardy	Fixed 2.6.18-1ubuntu3.1
	6.06 LTS dapper	Fixed 2.5.12-4ubuntu2.5
squid3	11.10 oneiric	Not affected
	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Fixed 3.0.STABLE19-1ubuntu0.2
	9.10 karmic	Ignored end of life
	9.04 jaunty	Fixed 3.0.STABLE8-3+lenny4build0.9.04.1
	8.10 intrepid	Ignored end of life, was needs-triage
	8.04 LTS hardy	Ignored end of life
	6.06 LTS dapper	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
squid	Upstream: http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch
squid3	Upstream: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch Upstream: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-9853.patch

References

Related Ubuntu Security Notices (USN)

USN-901-1
Squid vulnerabilities
16 February 2010

CVE-2010-0308

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references