Advisories

Mandriva Advisories

Package name	squid
Date	September 12th, 2005
Advisory ID	MDKSA-2005:162
Affected versions	10.1, CS2.1, CS3.0, MNF2.0, 10.2
Synopsis	Updated squid packages fix vulnerabilities

Problem Description

Two vulnerabilities were recently discovered in squid:

The first is a DoS possible via certain aborted requests that trigger
an assertion error related to "STOP_PENDING" (CAN-2005-2794).

The second is a DoS caused by certain crafted requests and SSL timeouts
(CAN-2005-2796).

The updated packages have been patched to address these issues.

Updated Packages

Mandrakelinux 10.1

 fc6ae27559810d7cb00916683bb96091  10.1/RPMS/squid-2.5.STABLE9-1.3.101mdk.i586.rpm
4c76043826e02d944f752fa5b65df065  10.1/SRPMS/squid-2.5.STABLE9-1.3.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 27e142d3fe10a00f53e1b81908623c9d  x86_64/10.1/RPMS/squid-2.5.STABLE9-1.3.101mdk.x86_64.rpm
4c76043826e02d944f752fa5b65df065  x86_64/10.1/SRPMS/squid-2.5.STABLE9-1.3.101mdk.src.rpm

Corporate Server 2.1

 3d77f46d83d5f4059801d5cef8619cd0  corporate/2.1/RPMS/squid-2.4.STABLE7-2.8.C21mdk.i586.rpm
86621b440fd1545b3de520d812a2ad84  corporate/2.1/SRPMS/squid-2.4.STABLE7-2.8.C21mdk.src.rpm

Corporate Server 2.1/X86_64

 a7e76046c6cbdf2096ee0981b873a684  x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.8.C21mdk.x86_64.rpm
86621b440fd1545b3de520d812a2ad84  x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.8.C21mdk.src.rpm

Corporate Server 3.0

 e25ada5ae035fcc193afe90b5b977588  corporate/3.0/RPMS/squid-2.5.STABLE9-1.3.C30mdk.i586.rpm
f47e0db9289695e0d1ac8ca80ed4d5a1  corporate/3.0/SRPMS/squid-2.5.STABLE9-1.3.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 75553a5ca63867a16bfbb8d58621e328  x86_64/corporate/3.0/RPMS/squid-2.5.STABLE9-1.3.C30mdk.x86_64.rpm
f47e0db9289695e0d1ac8ca80ed4d5a1  x86_64/corporate/3.0/SRPMS/squid-2.5.STABLE9-1.3.C30mdk.src.rpm

Multi Network Firewall 2.0

 2ce290ea1cd8daa631bb5e7adcde4bc2  mnf/2.0/RPMS/squid-2.5.STABLE9-1.3.M20mdk.i586.rpm
46b958e5ef7c7ead62bb216ea474ae5b  mnf/2.0/SRPMS/squid-2.5.STABLE9-1.3.M20mdk.src.rpm

Mandriva Linux LE2005

 1f1cd358e0c3d5f299310cc0c978bfcc  10.2/RPMS/squid-2.5.STABLE9-1.3.102mdk.i586.rpm
fac7af713eab60a0162f1f9db6db59a9  10.2/SRPMS/squid-2.5.STABLE9-1.3.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 961517306d7678b0f708f24d79431246  x86_64/10.2/RPMS/squid-2.5.STABLE9-1.3.102mdk.x86_64.rpm
fac7af713eab60a0162f1f9db6db59a9  x86_64/10.2/SRPMS/squid-2.5.STABLE9-1.3.102mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2796

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer