MDVSA-2009:178

Nom du paquet

squid

Date

2009-07-29

Advisory ID

MDVSA-2009:178

Affected versions

MES5 i586 , MES5 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in squid:

Due to incorrect buffer limits and related bound checks Squid is
vulnerable to a denial of service attack when processing specially
crafted requests or responses (CVE-2009-2621).

Due to incorrect data validation Squid is vulnerable to a denial
of service attack when processing specially crafted responses
(CVE-2009-2622).

This update provides fixes for these vulnerabilities.

Updated packages

MES5 i586

 ff1ab2abbdc034f3b14a0f082a97b46d  mes5/i586/squid-3.0-8.2mdvmes5.i586.rpm
 310b8a706f5c7525cc1e2305173615c0  mes5/i586/squid-cachemgr-3.0-8.2mdvmes5.i586.rpm 
 c434883627e14c687118c098cfce715a  mes5/SRPMS/squid-3.0-8.2mdvmes5.src.rpm

MES5 x86_64

 6c4d7a537b1dd8f847b77918fb5b72c1  mes5/x86_64/squid-3.0-8.2mdvmes5.x86_64.rpm
 8fd91468d91468754ab433533d215251  mes5/x86_64/squid-cachemgr-3.0-8.2mdvmes5.x86_64.rpm 
 c434883627e14c687118c098cfce715a  mes5/SRPMS/squid-3.0-8.2mdvmes5.src.rpm

References

• http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2621
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2622