<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2005:181 - Updated squid packages fix vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           squid
 Advisory ID:            MDKSA-2005:181
 Date:                   October 11th, 2005

 Affected versions:      10.1, 10.2, 2006.0, Corporate 3.0,
                         Corporate Server 2.1,
                         Multi Network Firewall 2.0
 ______________________________________________________________________

 Problem Description:

 Squid 2.5.9, while performing NTLM authentication, does not properly
 handle certain request sequences, which allows attackers to cause a
 denial of service (daemon restart).
 
 The updated packages have been patched to address these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2917
 ______________________________________________________________________

 Updated Packages:
  
 Mandrivalinux 10.1:
 2159ad83fce0c0e07abec59e859173df  
10.1/RPMS/squid-2.5.STABLE9-1.4.101mdk.i586.rpm
 c068938f3b353ac957c2781fdf3a668b  
10.1/SRPMS/squid-2.5.STABLE9-1.4.101mdk.src.rpm

 Mandrivalinux 10.1/X86_64:
 5d348dff4c6af7f6fadb7a082949a625  
x86_64/10.1/RPMS/squid-2.5.STABLE9-1.4.101mdk.x86_64.rpm
 c068938f3b353ac957c2781fdf3a668b  
x86_64/10.1/SRPMS/squid-2.5.STABLE9-1.4.101mdk.src.rpm

 Mandrivalinux 10.2:
 c720af4bcd25b1601a78a288207dcbef  
10.2/RPMS/squid-2.5.STABLE9-1.4.102mdk.i586.rpm
 05710a48508987ad1a3f8610befb3545  
10.2/SRPMS/squid-2.5.STABLE9-1.4.102mdk.src.rpm

 Mandrivalinux 10.2/X86_64:
 6652fcb5d9cb565d66e687ae8cd4621b  
x86_64/10.2/RPMS/squid-2.5.STABLE9-1.4.102mdk.x86_64.rpm
 05710a48508987ad1a3f8610befb3545  
x86_64/10.2/SRPMS/squid-2.5.STABLE9-1.4.102mdk.src.rpm

 Mandrivalinux 2006.0:
 b1f84290d8148feeb4243d8662842f1e  
2006.0/RPMS/squid-2.5.STABLE10-10.1.20060mdk.i586.rpm
 6c1db02fae65e9202b26ecbeb06600f3  
2006.0/RPMS/squid-cachemgr-2.5.STABLE10-10.1.20060mdk.i586.rpm
 66e697ada09d6727c0b1cce0b535519a  
2006.0/SRPMS/squid-2.5.STABLE10-10.1.20060mdk.src.rpm

 Mandrivalinux 2006.0/X86_64:
 f8d2a35075a4515961707d52a4e54795  
x86_64/2006.0/RPMS/squid-2.5.STABLE10-10.1.20060mdk.x86_64.rpm
 7f21b2f3e03ee10535b6e6204bd90f66  
x86_64/2006.0/RPMS/squid-cachemgr-2.5.STABLE10-10.1.20060mdk.x86_64.rpm
 66e697ada09d6727c0b1cce0b535519a  
x86_64/2006.0/SRPMS/squid-2.5.STABLE10-10.1.20060mdk.src.rpm

 Multi Network Firewall 2.0:
 d50ee470ba3e48c31c1d9d182ceb94f4  
mnf/2.0/RPMS/squid-2.5.STABLE9-1.4.M20mdk.i586.rpm
 28c692f3fe6e26ec18e6f9c5df90247a  
mnf/2.0/SRPMS/squid-2.5.STABLE9-1.4.M20mdk.src.rpm

 Corporate Server 2.1:
 28f055d1dac940a09bf8d75739640e47  
corporate/2.1/RPMS/squid-2.4.STABLE7-2.9.C21mdk.i586.rpm
 1f673b3a7aad68b685463b96b8569157  
corporate/2.1/SRPMS/squid-2.4.STABLE7-2.9.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 d5d6450ca3c426b16a9c36b9b4030f6c  
x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.9.C21mdk.x86_64.rpm
 1f673b3a7aad68b685463b96b8569157  
x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.9.C21mdk.src.rpm

 Corporate 3.0:
 5877b6bf476c146d95b78dc62908721a  
corporate/3.0/RPMS/squid-2.5.STABLE9-1.4.C30mdk.i586.rpm
 9ab3c4c41fb8bd2bdeb84f753e270bda  
corporate/3.0/SRPMS/squid-2.5.STABLE9-1.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 0d71ddfef090edb5ed2d0166a688b7a4  
x86_64/corporate/3.0/RPMS/squid-2.5.STABLE9-1.4.C30mdk.x86_64.rpm
 9ab3c4c41fb8bd2bdeb84f753e270bda  
x86_64/corporate/3.0/SRPMS/squid-2.5.STABLE9-1.4.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDTKh5mqjQ0CJFipgRArdZAKDlrB2Rd3kuMYJhukvGlddk6otNOQCg1n0u
q4X1pkfIEY9dUrOqLvya22M=
=wGZ3
-----END PGP SIGNATURE-----