MDKSA-2005:034

Package name

squid

Date

2005-02-10

Advisory ID

MDKSA-2005:034

Affected versions

9.2 i586 , CS2.1 x86_64 , 10.0 amd64 , 10.1 i586 , 10.0 i586 , CS3.0 x86_64 , CS3.0 i586 , 9.2 amd64 , CS2.1 i586 , 10.1 x86_64

Problem description

More vulnerabilities were discovered in the squid server: The LDAP handling of search filters was inadequate which could be abused to allow logins using severial variants of a single login name, possibly bypassing explicit access controls (CAN-2005-0173). Minor problems in the HTTP header parsing code that could be used for cache poisoning (CAN-2005-0174 and CAN-2005-0175). A buffer overflow in the WCCP handling code allowed remote attackers to cause a Denial of Service and could potentially allow for the execution of arbitrary code by using a long WCCP packet. The updated packages have been patched to prevent these problems.

Updated packages

9.2 i586

 c421d3df715cefb0a97995269f16e931  9.2/RPMS/squid-2.5.STABLE3-3.6.92mdk.i586.rpm
1fd8fdf79dbd6f647d00bea37be5400b  9.2/SRPMS/squid-2.5.STABLE3-3.6.92mdk.src.rpm

CS2.1 x86_64

 4cd111cf43876cc401eccfc49b48148c  x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.4.C21mdk.x86_64.rpm
d706be0b04a5ac2e5b28b5b151181bda  x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.4.C21mdk.src.rpm

10.0 amd64

 432ea3eabd02f1f3b18919b23a3f19fe  amd64/10.0/RPMS/squid-2.5.STABLE4-2.4.100mdk.amd64.rpm
d856951204f2d02932e7bb413bb31bfa  amd64/10.0/SRPMS/squid-2.5.STABLE4-2.4.100mdk.src.rpm

10.1 i586

 a5bf0588457cd842d2326f647ebcbc25  10.1/RPMS/squid-2.5.STABLE6-2.3.101mdk.i586.rpm
b726f35ab93d4a12576a7923e374e5bf  10.1/SRPMS/squid-2.5.STABLE6-2.3.101mdk.src.rpm

10.0 i586

 656b659ee9ba2c1a08e24d1187a2c29f  10.0/RPMS/squid-2.5.STABLE4-2.4.100mdk.i586.rpm
d856951204f2d02932e7bb413bb31bfa  10.0/SRPMS/squid-2.5.STABLE4-2.4.100mdk.src.rpm

CS3.0 x86_64

 13a4a4ac0b02deb4366482e3f2317b22  x86_64/corporate/3.0/RPMS/squid-2.5.STABLE4-2.4.C30mdk.x86_64.rpm
8fd70e360e772d30e8668000a6954a1d  x86_64/corporate/3.0/SRPMS/squid-2.5.STABLE4-2.4.C30mdk.src.rpm

CS3.0 i586

 be661ea6526f37cf0efdb097319a2a46  corporate/3.0/RPMS/squid-2.5.STABLE4-2.4.C30mdk.i586.rpm
8fd70e360e772d30e8668000a6954a1d  corporate/3.0/SRPMS/squid-2.5.STABLE4-2.4.C30mdk.src.rpm

9.2 amd64

 21d4c2e94050161a6192e63304852ec7  amd64/9.2/RPMS/squid-2.5.STABLE3-3.6.92mdk.amd64.rpm
1fd8fdf79dbd6f647d00bea37be5400b  amd64/9.2/SRPMS/squid-2.5.STABLE3-3.6.92mdk.src.rpm

CS2.1 i586

 50c44984c30f4c8e0db630da66411c70  corporate/2.1/RPMS/squid-2.4.STABLE7-2.4.C21mdk.i586.rpm
d706be0b04a5ac2e5b28b5b151181bda  corporate/2.1/SRPMS/squid-2.4.STABLE7-2.4.C21mdk.src.rpm

10.1 x86_64

 96e84ddeb61f432b7358344da7608f25  x86_64/10.1/RPMS/squid-2.5.STABLE6-2.3.101mdk.x86_64.rpm
b726f35ab93d4a12576a7923e374e5bf  x86_64/10.1/SRPMS/squid-2.5.STABLE6-2.3.101mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0211
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0173
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0174
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0175
• http://www.squid-cache.org/Advisories/SQUID-2005_3.txt