Advisories

Mandriva Advisories

Package name	squid
Date	April 16th, 2002
Advisory ID	MDKSA-2002:027
Affected versions	7.1, 7.2, 8.0, 8.1, 8.2, CS1.0
Synopsis	Updated squid packages fix DoS vulnerability

Problem Description

A security issue has recently been found and fixed in the Squid-2.X
releases up to and including 2.4.STABLE4.

Error and boundary conditions were not checked when handling compressed
DNS answer messages in the internal DNS code (lib/rfc1035.c). A
malicous DNS server could craft a DNS reply that causes Squid to exit
with a SIGSEGV.

Updated Packages

Mandrakelinux 7.1

 a8521febeb22c7a61d39fc03694ce8fa  7.1/RPMS/squid-2.4.STABLE6-1.3mdk.i586.rpm
b6277223c10037008cc296ed4246c2fa  7.1/SRPMS/squid-2.4.STABLE6-1.3mdk.src.rpm

Mandrakelinux 7.2

 07b6200cb3429e12fa17c55d0905c098  7.2/RPMS/squid-2.4.STABLE6-1.3mdk.i586.rpm
b6277223c10037008cc296ed4246c2fa  7.2/SRPMS/squid-2.4.STABLE6-1.3mdk.src.rpm

Mandrakelinux 8.0

 4f19e1c8f64f4c42cbffdb493dd8aef0  8.0/RPMS/squid-2.4.STABLE6-1.2mdk.i586.rpm
501b0506b806ec4e1621d772ed35f8c2  8.0/SRPMS/squid-2.4.STABLE6-1.2mdk.src.rpm

Mandrakelinux 8.0/PPC

 6edade11924a82f716b41ab113ff158f  ppc/8.0/RPMS/squid-2.4.STABLE6-1.2mdk.ppc.rpm
501b0506b806ec4e1621d772ed35f8c2  ppc/8.0/SRPMS/squid-2.4.STABLE6-1.2mdk.src.rpm

Mandrakelinux 8.1

 92dd6f13a2cc1e67159a35f195788ce3  8.1/RPMS/squid-2.4.STABLE6-1.1mdk.i586.rpm
ffa0862cb28670c146aa60c3ddfffd89  8.1/SRPMS/squid-2.4.STABLE6-1.1mdk.src.rpm

Mandrakelinux 8.1/IA64

 5090519d39c53bfef418e5cf06835c97  ia64/8.1/RPMS/squid-2.4.STABLE6-1.1mdk.ia64.rpm
ffa0862cb28670c146aa60c3ddfffd89  ia64/8.1/SRPMS/squid-2.4.STABLE6-1.1mdk.src.rpm

Mandrakelinux 8.2

 48854ffb620b739d98bf2a4d93aa761e  8.2/RPMS/squid-2.4.STABLE6-1.1mdk.i586.rpm
ffa0862cb28670c146aa60c3ddfffd89  8.2/SRPMS/squid-2.4.STABLE6-1.1mdk.src.rpm

Mandrakelinux 8.2/PPC

 56232a6132d8761f53c93f8bbc9a5127  ppc/8.2/RPMS/squid-2.4.STABLE6-1.1mdk.ppc.rpm
ffa0862cb28670c146aa60c3ddfffd89  ppc/8.2/SRPMS/squid-2.4.STABLE6-1.1mdk.src.rpm

Corporate Server 1.0.1

 a8521febeb22c7a61d39fc03694ce8fa  1.0.1/RPMS/squid-2.4.STABLE6-1.3mdk.i586.rpm
b6277223c10037008cc296ed4246c2fa  1.0.1/SRPMS/squid-2.4.STABLE6-1.3mdk.src.rpm

References

http://www.squid-cache.org/Advisories/SQUID-2002_2.txt

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer