MDVSA-2009:161-1

Nom du paquet

squid

Date

2009-08-08

Advisory ID

MDVSA-2009:161-1

Affected versions

2009.0 x86_64 , MES5 i586 , 2009.1 i586 , 2009.0 i586 , 2008.1 i586 , 2008.1 x86_64 , 2009.1 x86_64 , MES5 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in squid:

Due to incorrect buffer limits and related bound checks Squid is
vulnerable to a denial of service attack when processing specially
crafted requests or responses (CVE-2009-2621).

Due to incorrect data validation Squid is vulnerable to a denial
of service attack when processing specially crafted responses
(CVE-2009-2622).

This update provides fixes for these vulnerabilities.

Update:

Additional upstream security patches were applied:

Debug warnings fills up the logs.

Upstream Bug 2728: regression: assertion failed: http.cc:705: !eof

Updated packages

2009.0 x86_64

 c31d8b18943d5991057d60f85308b295  2009.0/x86_64/squid-3.0-8.3mdv2009.0.x86_64.rpm
 60eb016ab3f3118bb1ac3815e15f611a  2009.0/x86_64/squid-cachemgr-3.0-8.3mdv2009.0.x86_64.rpm 
 da26efb976c48dc47b5c0ab4a31cf770  2009.0/SRPMS/squid-3.0-8.3mdv2009.0.src.rpm

MES5 i586

 6f3488ad1431be0621932d42ae93f856  mes5/i586/squid-3.0-8.3mdvmes5.i586.rpm
 f7132b51d8e0c2c79c2e64cabbc1f928  mes5/i586/squid-cachemgr-3.0-8.3mdvmes5.i586.rpm 
 d7051be1a4f5f8436cd0ec7334fbbea6  mes5/SRPMS/squid-3.0-8.3mdvmes5.src.rpm

2009.1 i586

 d2a688018c6a12935defd2e581e67f78  2009.1/i586/squid-3.0-14.2mdv2009.1.i586.rpm
 b89fdc36becd736a073fa90e3ce7bed4  2009.1/i586/squid-cachemgr-3.0-14.2mdv2009.1.i586.rpm 
 1ab07e46b21e1fba49ad274ec70d9db5  2009.1/SRPMS/squid-3.0-14.2mdv2009.1.src.rpm

2009.0 i586

 0878bbf4a92762e656815c92126f32b9  2009.0/i586/squid-3.0-8.3mdv2009.0.i586.rpm
 430fd4dbe28591babbbda547e3e7cdd3  2009.0/i586/squid-cachemgr-3.0-8.3mdv2009.0.i586.rpm 
 da26efb976c48dc47b5c0ab4a31cf770  2009.0/SRPMS/squid-3.0-8.3mdv2009.0.src.rpm

2008.1 i586

 70e3f4286e5321fea8b36736fc932bf2  2008.1/i586/squid-3.0-1.3mdv2008.1.i586.rpm
 187124f52e6dc2fce724f0081e5fc4b6  2008.1/i586/squid-cachemgr-3.0-1.3mdv2008.1.i586.rpm 
 ffb19d5dc3c08beef7ae8dd8f0d27e62  2008.1/SRPMS/squid-3.0-1.3mdv2008.1.src.rpm

2008.1 x86_64

 61d27544a43ee767f8f726844145c3b8  2008.1/x86_64/squid-3.0-1.3mdv2008.1.x86_64.rpm
 c68ae2af5f62788cf104ac9655903212  2008.1/x86_64/squid-cachemgr-3.0-1.3mdv2008.1.x86_64.rpm 
 ffb19d5dc3c08beef7ae8dd8f0d27e62  2008.1/SRPMS/squid-3.0-1.3mdv2008.1.src.rpm

2009.1 x86_64

 d43edb69f721c30151607c29ef72cf92  2009.1/x86_64/squid-3.0-14.2mdv2009.1.x86_64.rpm
 12fa9bb740446332319dd1f3157a49fa  2009.1/x86_64/squid-cachemgr-3.0-14.2mdv2009.1.x86_64.rpm 
 1ab07e46b21e1fba49ad274ec70d9db5  2009.1/SRPMS/squid-3.0-14.2mdv2009.1.src.rpm

MES5 x86_64

 3b095a4e24704cf6c63f9a180dce6121  mes5/x86_64/squid-3.0-8.3mdvmes5.x86_64.rpm
 042576d27f54f4d0074db6aa5725d2af  mes5/x86_64/squid-cachemgr-3.0-8.3mdvmes5.x86_64.rpm 
 d7051be1a4f5f8436cd0ec7334fbbea6  mes5/SRPMS/squid-3.0-8.3mdvmes5.src.rpm

References

• http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2622
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2621