Package name
squid
Date
2008-07-04
Advisory ID
MDVSA-2008:134
Affected versions
CS4.0 i586 , CS4.0 x86_64 , MNF2.0 i586 , 2007.1 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , 2008.0 i586 , 2007.1 x86_64

Problem description

An incorrect fix for CVE-2007-6239 resulted in Squid not performing
proper bounds checking when processing cache update replies. Because
of this, a remote authenticated user might have been able to trigger
an assertion error and cause a denial of service (CVE-2008-1612).

The updated packages have been patched to correct this issue.

Updated packages

CS4.0 i586

 f294de04b7285866c8c8bd1fc501a37e  corporate/4.0/i586/squid-2.6.STABLE1-4.5.20060mlcs4.i586.rpm
 7eec6fef4bf1be7356323340c758a242  corporate/4.0/i586/squid-cachemgr-2.6.STABLE1-4.5.20060mlcs4.i586.rpm 
 48b89f934fd21bea7c454ef507277017  corporate/4.0/SRPMS/squid-2.6.STABLE1-4.5.20060mlcs4.src.rpm

CS4.0 x86_64

 9409f71fc022129de41ef2882be751e9  corporate/4.0/x86_64/squid-2.6.STABLE1-4.5.20060mlcs4.x86_64.rpm
 036c98b8a72a3e283a96b6166ca73024  corporate/4.0/x86_64/squid-cachemgr-2.6.STABLE1-4.5.20060mlcs4.x86_64.rpm 
 48b89f934fd21bea7c454ef507277017  corporate/4.0/SRPMS/squid-2.6.STABLE1-4.5.20060mlcs4.src.rpm

MNF2.0 i586

 ec9e5eea1dd1a5ff7a074c727bb27543  mnf/2.0/i586/squid-2.5.STABLE9-1.9.C30mdk.i586.rpm 
 795c5d666cff5af8e0912cbb1f2bfe4c  mnf/2.0/SRPMS/squid-2.5.STABLE9-1.9.C30mdk.src.rpm

2007.1 i586

 248155a42ab8820fd29fce25995949bf  2007.1/i586/squid-2.6.STABLE7-2.2mdv2007.1.i586.rpm
 33503f35607e909e7fcb1ab9be98915e  2007.1/i586/squid-cachemgr-2.6.STABLE7-2.2mdv2007.1.i586.rpm 
 0fb7e375fa1eb5508d4f87f152eb75f1  2007.1/SRPMS/squid-2.6.STABLE7-2.2mdv2007.1.src.rpm

CS3.0 x86_64

 885b67df0ca072442a0355ea2fe11ac5  corporate/3.0/x86_64/squid-2.5.STABLE9-1.9.C30mdk.x86_64.rpm 
 4711ba95422fa835f4fd6ad01db41e62  corporate/3.0/SRPMS/squid-2.5.STABLE9-1.9.C30mdk.src.rpm

2008.0 x86_64

 00768d35f3492d087788160b33faeca1  2008.0/x86_64/squid-2.6.STABLE16-1.3mdv2008.0.x86_64.rpm
 a4f7b01925d6638736a14301a88f6327  2008.0/x86_64/squid-cachemgr-2.6.STABLE16-1.3mdv2008.0.x86_64.rpm 
 a1827941570c11ed67cced2dc03c3087  2008.0/SRPMS/squid-2.6.STABLE16-1.3mdv2008.0.src.rpm

CS3.0 i586

 06592ba582a05df6863bae3ee194e24c  corporate/3.0/i586/squid-2.5.STABLE9-1.9.C30mdk.i586.rpm 
 4711ba95422fa835f4fd6ad01db41e62  corporate/3.0/SRPMS/squid-2.5.STABLE9-1.9.C30mdk.src.rpm

2008.0 i586

 8db0c7927b559eeae600de6cbb824028  2008.0/i586/squid-2.6.STABLE16-1.3mdv2008.0.i586.rpm
 0bd46c74785037fb1cb126be08fefd25  2008.0/i586/squid-cachemgr-2.6.STABLE16-1.3mdv2008.0.i586.rpm 
 a1827941570c11ed67cced2dc03c3087  2008.0/SRPMS/squid-2.6.STABLE16-1.3mdv2008.0.src.rpm

2007.1 x86_64

 ce99e5e402516f30ebd675cbb8ad45fa  2007.1/x86_64/squid-2.6.STABLE7-2.2mdv2007.1.x86_64.rpm
 72697993236ec0a4061b3142bc91f7ee  2007.1/x86_64/squid-cachemgr-2.6.STABLE7-2.2mdv2007.1.x86_64.rpm 
 0fb7e375fa1eb5508d4f87f152eb75f1  2007.1/SRPMS/squid-2.6.STABLE7-2.2mdv2007.1.src.rpm

References