Package name: squid
Date: October 11th, 2005
Advisory ID: MDKSA-2005:181
Affected versions: 10.1, CS2.1, CS3.0, MNF2.0, 10.2, 2006.0

Problem Description

Squid 2.5.9, while performing NTLM authentication, does not properly
handle certain request sequences, which allows attackers to cause a
denial of service (daemon restart).

The updated packages have been patched to address this issue.

Updated Packages

Mandrakelinux 10.1

 2159ad83fce0c0e07abec59e859173df  10.1/RPMS/squid-2.5.STABLE9-1.4.101mdk.i586.rpm
c068938f3b353ac957c2781fdf3a668b  10.1/SRPMS/squid-2.5.STABLE9-1.4.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 5d348dff4c6af7f6fadb7a082949a625  x86_64/10.1/RPMS/squid-2.5.STABLE9-1.4.101mdk.x86_64.rpm
c068938f3b353ac957c2781fdf3a668b  x86_64/10.1/SRPMS/squid-2.5.STABLE9-1.4.101mdk.src.rpm

Corporate Server 2.1

 28f055d1dac940a09bf8d75739640e47  corporate/2.1/RPMS/squid-2.4.STABLE7-2.9.C21mdk.i586.rpm
1f673b3a7aad68b685463b96b8569157  corporate/2.1/SRPMS/squid-2.4.STABLE7-2.9.C21mdk.src.rpm

Corporate Server 2.1/X86_64

 d5d6450ca3c426b16a9c36b9b4030f6c  x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.9.C21mdk.x86_64.rpm
1f673b3a7aad68b685463b96b8569157  x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.9.C21mdk.src.rpm

Corporate Server 3.0

 5877b6bf476c146d95b78dc62908721a  corporate/3.0/RPMS/squid-2.5.STABLE9-1.4.C30mdk.i586.rpm
9ab3c4c41fb8bd2bdeb84f753e270bda  corporate/3.0/SRPMS/squid-2.5.STABLE9-1.4.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 0d71ddfef090edb5ed2d0166a688b7a4  x86_64/corporate/3.0/RPMS/squid-2.5.STABLE9-1.4.C30mdk.x86_64.rpm
9ab3c4c41fb8bd2bdeb84f753e270bda  x86_64/corporate/3.0/SRPMS/squid-2.5.STABLE9-1.4.C30mdk.src.rpm

Multi Network Firewall 2.0

 d50ee470ba3e48c31c1d9d182ceb94f4  mnf/2.0/RPMS/squid-2.5.STABLE9-1.4.M20mdk.i586.rpm
28c692f3fe6e26ec18e6f9c5df90247a  mnf/2.0/SRPMS/squid-2.5.STABLE9-1.4.M20mdk.src.rpm

Mandriva Linux LE2005

 c720af4bcd25b1601a78a288207dcbef  10.2/RPMS/squid-2.5.STABLE9-1.4.102mdk.i586.rpm
05710a48508987ad1a3f8610befb3545  10.2/SRPMS/squid-2.5.STABLE9-1.4.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 6652fcb5d9cb565d66e687ae8cd4621b  x86_64/10.2/RPMS/squid-2.5.STABLE9-1.4.102mdk.x86_64.rpm
05710a48508987ad1a3f8610befb3545  x86_64/10.2/SRPMS/squid-2.5.STABLE9-1.4.102mdk.src.rpm

Mandriva Linux 2006

 b1f84290d8148feeb4243d8662842f1e  2006.0/RPMS/squid-2.5.STABLE10-10.1.20060mdk.i586.rpm
6c1db02fae65e9202b26ecbeb06600f3  2006.0/RPMS/squid-cachemgr-2.5.STABLE10-10.1.20060mdk.i586.rpm
66e697ada09d6727c0b1cce0b535519a  2006.0/SRPMS/squid-2.5.STABLE10-10.1.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 f8d2a35075a4515961707d52a4e54795  x86_64/2006.0/RPMS/squid-2.5.STABLE10-10.1.20060mdk.x86_64.rpm
7f21b2f3e03ee10535b6e6204bd90f66  x86_64/2006.0/RPMS/squid-cachemgr-2.5.STABLE10-10.1.20060mdk.x86_64.rpm
66e697ada09d6727c0b1cce0b535519a  x86_64/2006.0/SRPMS/squid-2.5.STABLE10-10.1.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2917

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.
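
For manual downloads, the check above can be scripted. The following is an added example, not part of the advisory: it compares each downloaded RPM with the MD5 lines of a saved copy of this advisory and then runs `rpm --checksig` on it. The function name `verify_advisory_rpms` and the `CHECK_SIG` switch are assumptions made for the example; it expects `md5sum` and `awk` to be installed.

```shell
#!/bin/sh
# Added example (not from the advisory): check every downloaded RPM against
# the "<md5>  <path>" lines of a saved advisory, then check its signature.
# verify_advisory_rpms and CHECK_SIG are hypothetical names.

verify_advisory_rpms() {
    advisory=$1 dir=$2 seen=0 failed=0
    for rpm in "$dir"/*.rpm; do
        [ -f "$rpm" ] || continue          # glob matched nothing
        seen=$((seen + 1))
        name=$(basename "$rpm")
        actual=$(md5sum < "$rpm" | awk '{print $1}')
        # A source RPM is listed once per architecture, so scan every line
        # whose path ends in this file name and accept any matching digest.
        status=$(awk -v n="$name" -v d="$actual" '
            NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-fA-F]+$/ {
                k = split($2, p, "/")
                if (p[k] == n) { listed = 1; if (tolower($1) == d) good = 1 }
            }
            END { print (good ? "OK" : (listed ? "MISMATCH" : "UNLISTED")) }
        ' "$advisory")
        # The MD5 only ties the file to the advisory text; the GPG signature
        # is what authenticates it, so a digest match alone is not enough.
        if [ "$status" = OK ] && [ "${CHECK_SIG:-1}" != 0 ]; then
            rpm --checksig "$rpm" >/dev/null 2>&1 || status=BADSIG
        fi
        [ "$status" = OK ] || failed=1
        echo "$status $name"
    done
    # Fail closed: finding no packages at all counts as a failure.
    [ "$seen" -gt 0 ] && [ "$failed" -eq 0 ]
}

# Script use: sh verify.sh advisory.txt ./downloads
if [ "$#" -eq 2 ]; then verify_advisory_rpms "$1" "$2"; fi
```

The signature step only means something once the Mandriva Security Team public key has been imported into the RPM keyring.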