MDKSA-2001:066

Package name

squid

Date

2001-07-25

Advisory ID

MDKSA-2001:066

Affected versions

8.0 i586 , SNF7.2 i586 , 7.2 i586 , 7.1 i586 , CS1.0 i586

Problem description

The Squid proxy server has a serious security flaw in versions 2.3.STABLE2 through 2.3.STABLE4. This problem surfaces when Squid is used in httpd_accel mode. If you configure http_accel_with_proxy off then any request to Squid is allowed. Malicious users may use your proxy to portscan remote systems, forge email, and other activities.

Updated packages

8.0 i586

 14153011ab7acbd47931cf9132668c66  8.0/RPMS/squid-2.3.STABLE5-1.1mdk.i586.rpm
9d8bffce51ee9956f0427ccdb622e68a  8.0/SRPMS/squid-2.3.STABLE5-1.1mdk.src.rpm

SNF7.2 i586

 0011049a6467f54c535748774d412044  snf7.2/RPMS/squid-2.3.STABLE5-1.2mdk.i586.rpm
47146b1ac324f9c6b4bfa53eebcfe4d4  snf7.2/SRPMS/squid-2.3.STABLE5-1.2mdk.src.rpm

7.2 i586

 0011049a6467f54c535748774d412044  7.2/RPMS/squid-2.3.STABLE5-1.2mdk.i586.rpm
47146b1ac324f9c6b4bfa53eebcfe4d4  7.2/SRPMS/squid-2.3.STABLE5-1.2mdk.src.rpm

7.1 i586

 ab9c855a6d238e5dff3e3561d5949d94  7.1/RPMS/squid-2.3.STABLE5-1.3mdk.i586.rpm
8a417c3fac5aa588951193d2999e9fda  7.1/SRPMS/squid-2.3.STABLE5-1.3mdk.src.rpm

CS1.0 i586

 ab9c855a6d238e5dff3e3561d5949d94  1.0.1/RPMS/squid-2.3.STABLE5-1.3mdk.i586.rpm
8a417c3fac5aa588951193d2999e9fda  1.0.1/SRPMS/squid-2.3.STABLE5-1.3mdk.src.rpm

References

• http://www.squid-cache.org/Versions/v2/2.3/