Launchpad CVE tracker

CVE 2014-7142

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

Related bugs and status

CVE-2014-7142 (Candidate) is related to these bugs:

Bug #1214379: pinger crashed with SIGSEGV in malloc_consolidate()

Summary				In	Importance	Status
	1214379	pinger crashed with SIGSEGV in malloc_consolidate()		squid3 (Ubuntu)	Medium	Fix Released
	1214379	pinger crashed with SIGSEGV in malloc_consolidate()		Squid	Unknown	Unknown

Bug #1384943: [SRU] Pinger crashes with segfault in libc

		In	Importance	Status
1384943	[SRU] Pinger crashes with segfault in libc	squid3 (Ubuntu)	Undecided	Fix Released
1384943	[SRU] Pinger crashes with segfault in libc	squid3 (Ubuntu Trusty)	Undecided	Fix Released
1384943	[SRU] Pinger crashes with segfault in libc	squid3 (Ubuntu Utopic)	Undecided	Fix Released

Bug #1473691: [FFe] squid: Update to latest upstream release (3.5)

Summary				In	Importance	Status
	1473691	[FFe] squid: Update to latest upstream release (3.5)		squid3 (Ubuntu)	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-7142

References