|
 |
| Problem Description |
The cache update reply processing functionality in Squid 2.x before
2.6.STABLE17, and Squid 3.0, allows remote attackers to cause a denial
of service (crash) via unknown vectors related to HTTP headers.
The updated package fixes this issue.
| Updated Packages |
Corporate Server 3.0
b80be38521a9c761ddeb3fac585a5bef corporate/3.0/i586/squid-2.5.STABLE9-1.8.C30mdk.i586.rpm 068c0327621ff22367dd979aa9f7ecee corporate/3.0/SRPMS/squid-2.5.STABLE9-1.8.C30mdk.src.rpm
Corporate Server 3.0/X86_64
2c0eaf65b0c65bb56793bce55d2ac0fc corporate/3.0/x86_64/squid-2.5.STABLE9-1.8.C30mdk.x86_64.rpm 068c0327621ff22367dd979aa9f7ecee corporate/3.0/SRPMS/squid-2.5.STABLE9-1.8.C30mdk.src.rpm
Multi Network Firewall 2.0
0d291e6348ec79f86213230619ce7cfd mnf/2.0/i586/squid-2.5.STABLE9-1.8.M20mdk.i586.rpm 2192fc9b2b9e1e000e144abf8e054860 mnf/2.0/SRPMS/squid-2.5.STABLE9-1.8.M20mdk.src.rpm
Mandriva Linux 2007
96faafb7a9e07b278a0aafa84bf926ae 2007.0/i586/squid-2.6.STABLE1-4.4mdv2007.0.i586.rpm 03fad047effae58ca2489e80aa1bfa5b 2007.0/i586/squid-cachemgr-2.6.STABLE1-4.4mdv2007.0.i586.rpm 37dfa22f24df058851acc5c3c1b5879d 2007.0/SRPMS/squid-2.6.STABLE1-4.4mdv2007.0.src.rpm
Mandriva Linux 2007/X86_64
c2ed1ce138a117d92a9d1258e19853a4 2007.0/x86_64/squid-2.6.STABLE1-4.4mdv2007.0.x86_64.rpm 8b1db434ee0e509aa71d7b1c81f62665 2007.0/x86_64/squid-cachemgr-2.6.STABLE1-4.4mdv2007.0.x86_64.rpm 37dfa22f24df058851acc5c3c1b5879d 2007.0/SRPMS/squid-2.6.STABLE1-4.4mdv2007.0.src.rpm
Corporate Server 4.0
69d5364d1187f459934c86e311bf6d96 corporate/4.0/i586/squid-2.6.STABLE1-4.4.20060mlcs4.i586.rpm 9cab80bad8eac5d17af87f8411185529 corporate/4.0/i586/squid-cachemgr-2.6.STABLE1-4.4.20060mlcs4.i586.rpm 33c75a040e930c85e7668b160216558a corporate/4.0/SRPMS/squid-2.6.STABLE1-4.4.20060mlcs4.src.rpm
Corporate Server 4.0/X86_64
37a81cbfac6f8937fd74e4b672e04019 corporate/4.0/x86_64/squid-2.6.STABLE1-4.4.20060mlcs4.x86_64.rpm df0f15a253003d6b2c234e4a5ccfbff1 corporate/4.0/x86_64/squid-cachemgr-2.6.STABLE1-4.4.20060mlcs4.x86_64.rpm 33c75a040e930c85e7668b160216558a corporate/4.0/SRPMS/squid-2.6.STABLE1-4.4.20060mlcs4.src.rpm
Mandriva Linux 2007.1
4e5314934a52d574cfab66fab288fec1 2007.1/i586/squid-2.6.STABLE7-2.1mdv2007.1.i586.rpm ea5fff3e07bb15bca7a2c3b3fd1dce43 2007.1/i586/squid-cachemgr-2.6.STABLE7-2.1mdv2007.1.i586.rpm 8ae95395bd9b0bd3888561ce359048db 2007.1/SRPMS/squid-2.6.STABLE7-2.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64
c4b1a7b86c812f272601c76c757a456e 2007.1/x86_64/squid-2.6.STABLE7-2.1mdv2007.1.x86_64.rpm 48bd862e07da9f1aacbf8f4e30ebc734 2007.1/x86_64/squid-cachemgr-2.6.STABLE7-2.1mdv2007.1.x86_64.rpm 8ae95395bd9b0bd3888561ce359048db 2007.1/SRPMS/squid-2.6.STABLE7-2.1mdv2007.1.src.rpm
Mandriva Linux 2008.0
471283e5ec222b4558804201ed528580 2008.0/i586/squid-2.6.STABLE16-1.2mdv2008.0.i586.rpm aae1cede196ab3ee8ce872a4f9339197 2008.0/i586/squid-cachemgr-2.6.STABLE16-1.2mdv2008.0.i586.rpm 3b7ac01f28af138e6a4a911ea13c3014 2008.0/SRPMS/squid-2.6.STABLE16-1.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64
ee831d24d0027f9e30d329ba19481572 2008.0/x86_64/squid-2.6.STABLE16-1.2mdv2008.0.x86_64.rpm 4d788055f21fd55b228881b66d4e351e 2008.0/x86_64/squid-cachemgr-2.6.STABLE16-1.2mdv2008.0.x86_64.rpm 3b7ac01f28af138e6a4a911ea13c3014 2008.0/SRPMS/squid-2.6.STABLE16-1.2mdv2008.0.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6239
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.