Fedora Test Update Notification: squid

Jesse Keating jkeating at j2solutions.net
Thu Jun 17 03:59:11 UTC 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1732
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1732
2004-06-16
- ---------------------------------------------------------------------
 
Name        : squid
Version 9   : 2.5.STABLE1-4.10.legacy
Summary     : The Squid proxy caching server.
Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.
 
Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.
 
- ---------------------------------------------------------------------
Update Information:
 
Remote exploitation of a buffer overflow vulnerability in Squid Web
Proxy Cache could allow a remote attacker to execute arbitrary code.
 
A remote attacker can compromise a target system if Squid Proxy is
configured to use the NTLM authentication helper. The attacker can send
an overly long password to overflow the buffer and execute arbitrary
code.
 
iDEFENSE has confirmed the existence of this vulnerability in
Squid-Proxy 2.5.*-STABLE and 3.*-PRE when Squid-Proxy is compiled with
the NTLM helper enabled.
 
- ---------------------------------------------------------------------
Changelog:
 
9:
 
* Tue Jun 15 2004 Jesse Keating <jkeating at j2solutions.net> 7:2.5.STABLE1-4.10.legacy
 
- - Added openssl-devel cyrus-sasl-devel as buildreqs.
 
* Tue Jun 08 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 7:2.5.STABLE1-4.9.legacy
 
- - CAN-2004-0541 security patch (NTLM Authentication Helper Buffer Overflow)
 
* Tue Mar 09 2004 Jay Fenlason <fenlason at redhat.com> 7:2.5.STABLE1-3.9
 
- - Backport patch for %00 vulnerability
- - Backport patch to support the new urllogin acl type so squid can
  be configured to protect vulnerable Microsoft Internet Explorer users.
 
- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/
 
d22a414bdee2eaa3bd7c067afc0c181ee78e0a68  9/updates-testing/SRPMS/squid-2.5.STABLE1-4.10.legacy.src.rpm
3af36a2a723d62f34337a3b56f3b4a0a8705288f  9/updates-testing/i386/squid-2.5.STABLE1-4.10.legacy.i386.rpm
 
 
 
Please note that this update is also available via yum and apt through
the updates-testing channel.  Many people find this an easier
way to apply updates.
- ---------------------------------------------------------------------
- -- 
Jesse Keating RHCE	(http://geek.j2solutions.net)
Fedora Legacy Team	(http://www.fedoralegacy.org)
GPG Public Key		(http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA0RcP4v2HLvE71NURAnDKAJ9S1ESYbN/Pa7oCXJ3SrYe3GYyRawCeI/JK
OIjIASyaYp4/OKcGd+XBBBE=
=Sjap
-----END PGP SIGNATURE-----
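
Added example, not part of the original advisory: a POSIX shell check that compares downloaded packages against the SHA1 values listed in the message, accepting the digest and path on one line or wrapped onto two. The function name `verify_advisory_sums` and the download directory are assumptions.

```shell
# SHA1 digests and repository paths exactly as published in the advisory.
ADVISORY_SUMS='d22a414bdee2eaa3bd7c067afc0c181ee78e0a68  9/updates-testing/SRPMS/squid-2.5.STABLE1-4.10.legacy.src.rpm
3af36a2a723d62f34337a3b56f3b4a0a8705288f  9/updates-testing/i386/squid-2.5.STABLE1-4.10.legacy.i386.rpm'

# verify_advisory_sums MANIFEST DIR   (hypothetical helper name)
# Prints one status line per listed package and returns 0 only if every
# file is present in DIR and its SHA1 equals the published digest.
# The body runs in a subshell, so its variables and set -f do not leak.
verify_advisory_sums() (
    dir=$2; expected=""; rc=0; seen=0
    set -f                          # split on whitespace without globbing
    for tok in $1; do
        case $tok in
            *[!0-9a-fA-F]*) ;;      # contains a non-hex character: a path
            *) if [ "${#tok}" -eq 40 ]; then
                   # 40 hex characters: remember it as the next digest
                   expected=$(printf '%s' "$tok" | tr 'A-F' 'a-f')
                   continue
               fi ;;
        esac
        name=${tok##*/}             # packages are looked up by basename
        seen=$((seen + 1))
        if [ -z "$expected" ]; then
            echo "MALFORMED $name (no digest before path)"; rc=1
        elif [ ! -f "$dir/$name" ]; then
            echo "MISSING   $name"; rc=1
        else
            actual=$(sha1sum -- "$dir/$name" | cut -d' ' -f1)
            if [ "$actual" = "$expected" ]; then
                echo "OK        $name"
            else
                echo "MISMATCH  $name (got $actual)"; rc=1
            fi
        fi
        expected=""                 # each digest covers exactly one path
    done
    [ "$seen" -gt 0 ] || rc=1       # an empty manifest verifies nothing
    exit "$rc"
)

# Usage: verify_advisory_sums "$ADVISORY_SUMS" /path/to/downloads
```

A match only shows that the file equals what this message lists, so the digests are worth no more than the copy of the advisory they were read from.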




