Package name
squid
Date
2013-04-10
Advisory ID
MDVSA-2013:129
Affected versions
MBS1 x86_64

Problem description

Updated squid packages fix security vulnerability:

Due to missing input validation, the Squid cachemgr.cgi tool in Squid
before 3.1.22 and 3.2.4 is vulnerable to a denial of service attack
when processing specially crafted requests (CVE-2012-5643).

It was discovered that the patch for CVE-2012-5643 was incorrect. A
remote attacker could exploit this flaw to perform a denial of service
attack (CVE-2013-0189).

Updated packages

MBS1 x86_64

 03f4a33d16e0ccb13c2b825fa9739e3c  mbs1/x86_64/squid-3.1.19-5.2.mbs1.x86_64.rpm
 0844295e6c832b20b53a89a6570bd632  mbs1/x86_64/squid-cachemgr-3.1.19-5.2.mbs1.x86_64.rpm 
 721e597deda6926578f64dd31b0df387  mbs1/SRPMS/squid-3.1.19-5.2.mbs1.src.rpm

References