This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Updated squid packages fix security vulnerabilities :
Due to incorrect state management, Squid before 3.3.12 is vulnerable
to a denial of service attack when processing certain HTTPS requests
if the SSL-Bump feature is enabled (CVE-2014-0128).
Matthew Daley discovered that Squid 3 did not properly perform input
validation in request parsing. A remote attacker could send crafted
Range requests to cause a denial of service (CVE-2014-3609).
Due to incorrect buffer management Squid can be caused by an attacker
to write outside its allocated SNMP buffer (CVE-2014-6270).
Due to incorrect bounds checking Squid pinger binary is vulnerable to
denial of service or information leak attack when processing larger
than normal ICMP or ICMPv6 packets (CVE-2014-7141).
Due to incorrect input validation Squid pinger binary is vulnerable to
denial of service or information leak attacks when processing ICMP or
ICMPv6 packets (CVE-2014-7142).
See also :
Update the affected squid and / or squid-cachemgr packages.
Risk factor :
Medium / CVSS Base Score : 6.8