Mandriva Advisories

Package name: squid
Date: July 25th, 2001
Advisory ID: MDKSA-2001:066
Affected versions: 7.1, 7.2, 8.0, CS1.0
Synopsis: Updated squid packages fix httpd_accel_with_proxy vulnerability

Problem Description

The Squid proxy server has a serious security flaw in versions
2.3.STABLE2 through 2.3.STABLE4. This problem surfaces when Squid is
used in httpd_accel mode. If you configure httpd_accel_with_proxy off,
then any request to Squid is allowed. Malicious users may use your
proxy to portscan remote systems, forge email, and carry out other
activities.
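
One way to check whether a host matches the condition described above, as an added example rather than code from Mandriva or the Squid project. It assumes accelerator mode is indicated by an httpd_accel_host line in squid.conf, that a missing httpd_accel_with_proxy line means off, and that the version string is taken from the output of squid -v; the sample inputs are constructed.

```python
import re

# Versions the advisory names as affected: 2.3.STABLE2 through 2.3.STABLE4.
AFFECTED = re.compile(r"\b2\.3\.STABLE[2-4]\b")

# Constructed sample inputs (not taken from a real system).
SAMPLE_VERSION = "Squid Cache: Version 2.3.STABLE4"
SAMPLE_CONF = """\
http_port 80
httpd_accel_host www.example.com   # assumption: marks accelerator mode
httpd_accel_port 80
# httpd_accel_with_proxy on        (commented out, so it does not count)
httpd_accel_with_proxy off
"""


def version_affected(version_text):
    """True if the version string falls in the advisory's affected range."""
    return AFFECTED.search(version_text) is not None


def parse_directives(conf_text):
    """Map each squid.conf directive to its last value, ignoring comments."""
    directives = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        directives[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return directives


def exposed(version_text, conf_text):
    """True when version and configuration both match the advisory."""
    d = parse_directives(conf_text)
    accel_mode = "httpd_accel_host" in d
    # Assumption: an absent directive is treated the same as "off".
    with_proxy_off = d.get("httpd_accel_with_proxy", "off").lower() != "on"
    return version_affected(version_text) and accel_mode and with_proxy_off


if __name__ == "__main__":
    state = "matches" if exposed(SAMPLE_VERSION, SAMPLE_CONF) else "does not match"
    print("Sample host", state, "the advisory's condition")
```

A host that matches should be moved to the updated packages listed below.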

Updated Packages

Mandrakelinux 7.1

 ab9c855a6d238e5dff3e3561d5949d94  7.1/RPMS/squid-2.3.STABLE5-1.3mdk.i586.rpm
8a417c3fac5aa588951193d2999e9fda  7.1/SRPMS/squid-2.3.STABLE5-1.3mdk.src.rpm

Mandrakelinux 7.2

 0011049a6467f54c535748774d412044  7.2/RPMS/squid-2.3.STABLE5-1.2mdk.i586.rpm
47146b1ac324f9c6b4bfa53eebcfe4d4  7.2/SRPMS/squid-2.3.STABLE5-1.2mdk.src.rpm

Mandrakelinux 8.0

 14153011ab7acbd47931cf9132668c66  8.0/RPMS/squid-2.3.STABLE5-1.1mdk.i586.rpm
9d8bffce51ee9956f0427ccdb622e68a  8.0/SRPMS/squid-2.3.STABLE5-1.1mdk.src.rpm

Corporate Server 1.0.1

 ab9c855a6d238e5dff3e3561d5949d94  1.0.1/RPMS/squid-2.3.STABLE5-1.3mdk.i586.rpm
8a417c3fac5aa588951193d2999e9fda  1.0.1/SRPMS/squid-2.3.STABLE5-1.3mdk.src.rpm

References

http://www.squid-cache.org/Versions/v2/2.3/

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.