Support / Security / Advisories / Mandriva Linux 2008.0 / MDVSA-2009:241-1

Package name: squid
Date: 2010-01-11
Advisory ID: MDVSA-2009:241-1
Affected versions: 2008.0 i586 , 2008.0 x86_64

Problem description

A vulnerability was discovered and corrected in squid:

The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7
allows remote attackers to cause a denial of service via a crafted
auth header with certain comma delimiters that trigger an infinite
loop of calls to the strcspn function (CVE-2009-2855).

This update provides a solution to this vulnerability.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

Updated packages

2008.0 i586

 e4c9373aabe23a99038535933cadfcdf  2008.0/i586/squid-2.6.STABLE16-1.4mdv2008.0.i586.rpm
 264a75acfe38304d56f246ced43c0b77  2008.0/i586/squid-cachemgr-2.6.STABLE16-1.4mdv2008.0.i586.rpm 
 c5cb0059c20cf425ae1eb5320fb88d9a  2008.0/SRPMS/squid-2.6.STABLE16-1.4mdv2008.0.src.rpm

2008.0 x86_64

 736aebebdae4217c764a3a27d352f162  2008.0/x86_64/squid-2.6.STABLE16-1.4mdv2008.0.x86_64.rpm
 bac27002220cdbe610a1dc5cfb249603  2008.0/x86_64/squid-cachemgr-2.6.STABLE16-1.4mdv2008.0.x86_64.rpm 
 c5cb0059c20cf425ae1eb5320fb88d9a  2008.0/SRPMS/squid-2.6.STABLE16-1.4mdv2008.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2855