Support / Sécurité / Annonces de sécurité / Multi Network Firewall 2.0 / MDVSA-2009:293

Nom du paquet: squidGuard
Date: 2009-11-03
Advisory ID: MDVSA-2009:293
Affected versions: 2009.0 x86_64 , CS4.0 x86_64 , MNF2.0 i586 , 2009.1 i586 , 2009.0 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , MES5 i586 , 2009.1 x86_64 , MES5 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in squidGuard:

Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote
attackers to cause a denial of service (application hang or loss of
blocking functionality) via a long URL with many / (slash) characters,
related to emergency mode. (CVE-2009-3700).

Multiple buffer overflows in squidGuard 1.4 allow remote attackers
to bypass intended URL blocking via a long URL, related to (1)
the relationship between a certain buffer size in squidGuard and a
certain buffer size in Squid and (2) a redirect URL that contains
information about the originally requested URL (CVE-2009-3826).

squidGuard was upgraded to 1.2.1 for MNF2/CS3/CS4 with additional
upstream security and bug fixes patches applied.

This update fixes these vulnerabilities.

Updated packages

2009.0 x86_64

 c8ce4727e7a7a062196616102ac03c75  2009.0/x86_64/squidGuard-1.3-1.1mdv2009.0.x86_64.rpm 
 5b9e436cb1866b66a59789f9d0147be7  2009.0/SRPMS/squidGuard-1.3-1.1mdv2009.0.src.rpm

CS4.0 x86_64

 0e4dce779010bc97bfb40dd46511e61c  corporate/4.0/x86_64/squidGuard-1.2.1-0.1.20060mlcs4.x86_64.rpm 
 41e551a07f381020d18bcf19d5aabbc8  corporate/4.0/SRPMS/squidGuard-1.2.1-0.1.20060mlcs4.src.rpm

MNF2.0 i586

 cbd56a801cc68478bf6348ce0b5193d1  mnf/2.0/i586/squidGuard-1.2.1-0.1.C30mdk.i586.rpm 
 358ec35776e7a4c7062bcb936e8f2a1e  mnf/2.0/SRPMS/squidGuard-1.2.1-0.1.C30mdk.src.rpm

2009.1 i586

 77efe541c81811d47c695f3189e583e7  2009.1/i586/squidGuard-1.4-1.1mdv2009.1.i586.rpm 
 c057b45049ed4655fc367fdad7b492ba  2009.1/SRPMS/squidGuard-1.4-1.1mdv2009.1.src.rpm

2009.0 i586

 d51a6de0eb876804fcb7ebc8e5bc671f  2009.0/i586/squidGuard-1.3-1.1mdv2009.0.i586.rpm 
 5b9e436cb1866b66a59789f9d0147be7  2009.0/SRPMS/squidGuard-1.3-1.1mdv2009.0.src.rpm

CS3.0 x86_64

 dd3e63730283d91df564fd9dfe436c75  corporate/3.0/x86_64/squidGuard-1.2.1-0.1.C30mdk.x86_64.rpm 
 da035e0175561ee84c7ea900b504e1f5  corporate/3.0/SRPMS/squidGuard-1.2.1-0.1.C30mdk.src.rpm

CS4.0 i586

 a5b7580f7288482f5ea87e0a7903085d  corporate/4.0/i586/squidGuard-1.2.1-0.1.20060mlcs4.i586.rpm 
 41e551a07f381020d18bcf19d5aabbc8  corporate/4.0/SRPMS/squidGuard-1.2.1-0.1.20060mlcs4.src.rpm

CS3.0 i586

 1a6ff7e05b3867f666234dd4b511e89b  corporate/3.0/i586/squidGuard-1.2.1-0.1.C30mdk.i586.rpm 
 da035e0175561ee84c7ea900b504e1f5  corporate/3.0/SRPMS/squidGuard-1.2.1-0.1.C30mdk.src.rpm

MES5 i586

 5a5aaf6bfffcae9a3f736da5de946f6a  mes5/i586/squidGuard-1.4-0.2mdvmes5.i586.rpm 
 bfa391098ac9298228fa7bb9a660e80e  mes5/SRPMS/squidGuard-1.4-0.2mdvmes5.src.rpm

2009.1 x86_64

 02d9b40ba619f24376842ccdcb85a8be  2009.1/x86_64/squidGuard-1.4-1.1mdv2009.1.x86_64.rpm 
 c057b45049ed4655fc367fdad7b492ba  2009.1/SRPMS/squidGuard-1.4-1.1mdv2009.1.src.rpm

MES5 x86_64

 fdc0804c49ac90683d16fcc5941fcbf5  mes5/x86_64/squidGuard-1.4-0.2mdvmes5.x86_64.rpm 
 bfa391098ac9298228fa7bb9a660e80e  mes5/SRPMS/squidGuard-1.4-0.2mdvmes5.src.rpm

MDVSA-2009:293