Paketname
squidGuard
Datum
2010-01-11
Advisory ID
MDVSA-2009:293-1
Betroffene Versionen
2008.0 i586 , 2008.0 x86_64

Problembeschreibung

Multiple vulnerabilities has been found and corrected in squidGuard:

Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote
attackers to cause a denial of service (application hang or loss of
blocking functionality) via a long URL with many / (slash) characters,
related to emergency mode. (CVE-2009-3700).

Multiple buffer overflows in squidGuard 1.4 allow remote attackers
to bypass intended URL blocking via a long URL, related to (1)
the relationship between a certain buffer size in squidGuard and a
certain buffer size in Squid and (2) a redirect URL that contains
information about the originally requested URL (CVE-2009-3826).

squidGuard was upgraded to 1.2.1 for MNF2/CS3/CS4 with additional
upstream security and bug fixes patches applied.

This update fixes these vulnerabilities.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

Aktualisierte Pakete

2008.0 i586

 a26b9b6c562df50e5bdc2085d64afee0  2008.0/i586/squidGuard-1.2.0-14.1mdv2008.0.i586.rpm 
 2bc79ed1f73af0b5cb7c82b7f2df78f7  2008.0/SRPMS/squidGuard-1.2.0-14.1mdv2008.0.src.rpm

2008.0 x86_64

 ee84967352ebe00624076d19e17ee1a3  2008.0/x86_64/squidGuard-1.2.0-14.1mdv2008.0.x86_64.rpm 
 2bc79ed1f73af0b5cb7c82b7f2df78f7  2008.0/SRPMS/squidGuard-1.2.0-14.1mdv2008.0.src.rpm

Referenzen