|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2004-0832: CVE-2004-0832DoS in squid NTLM authentication | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Ludwig Nussel <lnussel> |
| Component: | Incidents | Assignee: | Ludwig Nussel <lnussel> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | security-team |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | CVE-2004-0832: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | ||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: |
/work/src/done/PATCHINFO/squid.patch.box
/work/src/done/PATCHINFO/squid.patch.maintained |
||
|
Description
Ludwig Nussel
2004-09-03 23:18:01 UTC
Yes, I updated STABLE recently. :-) According to Heise all of our maintained versions are affected. According to the specfiles (grep'ed for ntlm :-), 2.5.STABLE1 and later is affected: SuLi 8.2, 8.3, 9.0, 9.1, SLES9, and maybe other products? Bad news: I don't know how important that stuff is, but I don't have enough time to fix it within this week (2004-09-06 - 2004-09-12). CAN-2004-0832 Patches made and submited. Patch-management: I don't have a Windows, so I cannot test. Please test any version. TIA. Security-team: please handle rest of process: putonftp, patchinfo, etc. Created attachment 23302 [details]
/work/src/done/PATCHINFO/squid.patch.box
8.2,9.0,9.1
Created attachment 23303 [details]
/work/src/done/PATCHINFO/squid.patch.maintained
sles9
reassigned to Ludwig for the ease of tracking this issue. packages were approved... CVE-2004-0832: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) |