Nom du paquet
squid
Date
2005-01-24
Advisory ID
MDKSA-2005:014
Affected versions
9.2 i586 , CS2.1 x86_64 , 10.0 amd64 , 10.1 i586 , 10.0 i586 , CS3.0 i586 , 9.2 amd64 , CS2.1 i586 , 10.1 x86_64

Problem description

"infamous41md" discovered two vulnerabilities in the squid proxy cache server. The first is a buffer overflow in the Gopher response parser which leads to memory corruption and would usually crash squid (CAN-2005-0094). The second is an integer overflow in the receiver of WCCP (Web Cache Communication Protocol) messages. An attacker could send a specially crafted UDP datagram that would cause squid to crash (CAN-2005-0095). The updated packages have been patched to prevent these problems.

Updated packages

9.2 i586

 b200e4cd5136b605665675c22a07f8f6  9.2/RPMS/squid-2.5.STABLE3-3.5.92mdk.i586.rpm
3ad2ffec1411fae0708f4f3e00505fa3  9.2/SRPMS/squid-2.5.STABLE3-3.5.92mdk.src.rpm

CS2.1 x86_64

 903517606084ab4d37e2a52506eed1a5  x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.3.C21mdk.x86_64.rpm
dfc6cc283c301c3f4495e3a8f7ddcd63  x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.3.C21mdk.src.rpm

10.0 amd64

 01d6b3dfa7dc5dd5cf1a95c14492f18c  amd64/10.0/RPMS/squid-2.5.STABLE4-2.3.100mdk.amd64.rpm
c2cb0554ab7225eef74bef946ffe359d  amd64/10.0/SRPMS/squid-2.5.STABLE4-2.3.100mdk.src.rpm

10.1 i586

 59493538203620d5bcaabaa23d601446  10.1/RPMS/squid-2.5.STABLE6-2.2.101mdk.i586.rpm
e54c318ee8ec23a28f7ab799e7caad33  10.1/SRPMS/squid-2.5.STABLE6-2.2.101mdk.src.rpm

10.0 i586

 829a39d43e630ea5723714a6914fb714  10.0/RPMS/squid-2.5.STABLE4-2.3.100mdk.i586.rpm
c2cb0554ab7225eef74bef946ffe359d  10.0/SRPMS/squid-2.5.STABLE4-2.3.100mdk.src.rpm

CS3.0 i586

 c3567af5bc3b38291199904d81165879  corporate/3.0/RPMS/squid-2.5.STABLE4-2.3.C30mdk.i586.rpm
89d53797c271b1897f775d75c4bb4b9e  corporate/3.0/SRPMS/squid-2.5.STABLE4-2.3.C30mdk.src.rpm

9.2 amd64

 e3eff312ad7b514582575f076f26e5fb  amd64/9.2/RPMS/squid-2.5.STABLE3-3.5.92mdk.amd64.rpm
3ad2ffec1411fae0708f4f3e00505fa3  amd64/9.2/SRPMS/squid-2.5.STABLE3-3.5.92mdk.src.rpm

CS2.1 i586

 a42ac4049889e5b7123be68f65784f79  corporate/2.1/RPMS/squid-2.4.STABLE7-2.3.C21mdk.i586.rpm
dfc6cc283c301c3f4495e3a8f7ddcd63  corporate/2.1/SRPMS/squid-2.4.STABLE7-2.3.C21mdk.src.rpm

10.1 x86_64

 f11e4cc06bcface8d67e8505eaa96723  x86_64/10.1/RPMS/squid-2.5.STABLE6-2.2.101mdk.x86_64.rpm
e54c318ee8ec23a28f7ab799e7caad33  x86_64/10.1/SRPMS/squid-2.5.STABLE6-2.2.101mdk.src.rpm

References