CVE-2011-4096

Published: 17 November 2011

The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.

Priority

Status

Package	Release	Status
squid3 Launchpad, Ubuntu, Debian	hardy	Not vulnerable (code not present)
	lucid	Not vulnerable (code not present)
	maverick	Released (3.1.6-1.1ubuntu1.2)
	natty	Released (3.1.11-1ubuntu0.1)
	oneiric	Released (3.1.14-1ubuntu0.1)
	upstream	Released (3.1.16-1)
	Patches: vendor: https://rhn.redhat.com/errata/RHSA-2011-1791.html vendor: http://www.debian.org/security/2012/dsa-2381

References

https://www.cve.org/CVERecord?id=CVE-2011-4096
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.