MDVSA-2009:034

Package name

squid

Date

2009-02-10

Advisory ID

MDVSA-2009:034

Affected versions

2009.0 x86_64 , 2009.0 i586 , 2008.1 x86_64 , 2008.1 i586

Problem description

Due to an internal error Squid is vulnerable to a denial of service
attack when processing specially crafted requests. This problem allows
any client to perform a denial of service attack on the Squid service
(CVE-2009-0478).

The updated packages have been patched to adress this.

Updated packages

2009.0 x86_64

 d698fd6bf0598af3e4cb42f88dd539be  2009.0/x86_64/squid-3.0-8.1mdv2009.0.x86_64.rpm
 874be46833d14b23923150203be90109  2009.0/x86_64/squid-cachemgr-3.0-8.1mdv2009.0.x86_64.rpm 
 64c0b0ac2cf102141ee7a8ad8747e42d  2009.0/SRPMS/squid-3.0-8.1mdv2009.0.src.rpm

2009.0 i586

 bf09cfce8db0718009470bff9f680039  2009.0/i586/squid-3.0-8.1mdv2009.0.i586.rpm
 0da7251030b5e0912aaf47937562c288  2009.0/i586/squid-cachemgr-3.0-8.1mdv2009.0.i586.rpm 
 64c0b0ac2cf102141ee7a8ad8747e42d  2009.0/SRPMS/squid-3.0-8.1mdv2009.0.src.rpm

2008.1 x86_64

 22e84fc5aa771bdf9cf1d1192f94a1bf  2008.1/x86_64/squid-3.0-1.1mdv2008.1.x86_64.rpm
 340964989d6639ce4d1fb4bd089d0a89  2008.1/x86_64/squid-cachemgr-3.0-1.1mdv2008.1.x86_64.rpm 
 02c5602fa6a2bf7b1f97de5050a71af5  2008.1/SRPMS/squid-3.0-1.1mdv2008.1.src.rpm

2008.1 i586

 16a8648b21391a385fb98a691ad05850  2008.1/i586/squid-3.0-1.1mdv2008.1.i586.rpm
 ba61fb27a256c11a53120baf0e32fd94  2008.1/i586/squid-cachemgr-3.0-1.1mdv2008.1.i586.rpm 
 02c5602fa6a2bf7b1f97de5050a71af5  2008.1/SRPMS/squid-3.0-1.1mdv2008.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0478