
[ MDKSA-2007:068 ] - Updated squid packages fix DoS vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:068
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : squid
 Date    : March 22, 2007
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Due to an internal error Squid-2.6 is vulnerable to a denial of service
 attack when processing the TRACE request method. This problem allows
 any client trusted to use the service to perform a denial of service
 attack on the Squid service.
 
 Updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1560
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 e56b626c99d9fde6e6ce2e3229365507  2006.0/i586/squid-2.5.STABLE10-10.4.20060mdk.i586.rpm
 fe14ce71483e6d00471a9b157f1394ad  2006.0/i586/squid-cachemgr-2.5.STABLE10-10.4.20060mdk.i586.rpm
 e3dca65061ce799f0a14843ff6c9494e  2006.0/SRPMS/squid-2.5.STABLE10-10.4.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 76f9515ef619dfef179bcd89195fe922  2006.0/x86_64/squid-2.5.STABLE10-10.4.20060mdk.x86_64.rpm
 2ef40237eb928e6c93c769b5a89e9436  2006.0/x86_64/squid-cachemgr-2.5.STABLE10-10.4.20060mdk.x86_64.rpm
 e3dca65061ce799f0a14843ff6c9494e  2006.0/SRPMS/squid-2.5.STABLE10-10.4.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 054f7d10fda6b956f9dc3631dfc6d4b0  2007.0/i586/squid-2.6.STABLE1-4.3mdv2007.0.i586.rpm
 cff3225c30326efd3b60d22a0834556a  2007.0/i586/squid-cachemgr-2.6.STABLE1-4.3mdv2007.0.i586.rpm
 39da38403992ae890878163921074e66  2007.0/SRPMS/squid-2.6.STABLE1-4.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 5eefe7e1c4c3220e38d7832690cb323d  2007.0/x86_64/squid-2.6.STABLE1-4.3mdv2007.0.x86_64.rpm
 6b0627995c722c40a0159979553a89ff  2007.0/x86_64/squid-cachemgr-2.6.STABLE1-4.3mdv2007.0.x86_64.rpm
 39da38403992ae890878163921074e66  2007.0/SRPMS/squid-2.6.STABLE1-4.3mdv2007.0.src.rpm

 Corporate 3.0:
 a986e19d7ba9623b4dda97a6bba72f79  corporate/3.0/i586/squid-2.5.STABLE9-1.7.C30mdk.i586.rpm
 c19c9d0a546f9a49760ef0fdff1c3b20  corporate/3.0/SRPMS/squid-2.5.STABLE9-1.7.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 d7f677e1f272e638ee960755459b1ded  corporate/3.0/x86_64/squid-2.5.STABLE9-1.7.C30mdk.x86_64.rpm
 c19c9d0a546f9a49760ef0fdff1c3b20  corporate/3.0/SRPMS/squid-2.5.STABLE9-1.7.C30mdk.src.rpm

 Corporate 4.0:
 6ab68dde26eb1474b501e657dffa8559  corporate/4.0/i586/squid-2.6.STABLE1-4.3.20060mlcs4.i586.rpm
 9bdf42003bc25b658a0a1f068161e88a  corporate/4.0/i586/squid-cachemgr-2.6.STABLE1-4.3.20060mlcs4.i586.rpm
 37dc55633b7cf98ac69109074bf19eb9  corporate/4.0/SRPMS/squid-2.6.STABLE1-4.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 0e5bb0f771ab24c33cd83df0b5ce6925  corporate/4.0/x86_64/squid-2.6.STABLE1-4.3.20060mlcs4.x86_64.rpm
 318eefc20e4b2e90f297edd4e0d3b9b4  corporate/4.0/x86_64/squid-cachemgr-2.6.STABLE1-4.3.20060mlcs4.x86_64.rpm
 37dc55633b7cf98ac69109074bf19eb9  corporate/4.0/SRPMS/squid-2.6.STABLE1-4.3.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 0eb2b836cb6c6f04b7bdf588a82de958  mnf/2.0/i586/squid-2.5.STABLE9-1.7.M20mdk.i586.rpm
 bd364264eb1262e255b796714cbe2f58  mnf/2.0/SRPMS/squid-2.5.STABLE9-1.7.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGAsammqjQ0CJFipgRAgWnAJsE+IF5RHjBEyO6xZX290rMpkF8swCg4vOF
XbU1oT9mGL+HAUUT/KlBxDQ=
=9mdl
-----END PGP SIGNATURE-----
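
Added example (not part of the Mandriva advisory): for packages fetched by hand rather than through MandrivaUpdate or urpmi, this Python code parses an "Updated Packages" checksum list in the advisory's layout, including entries that wrap onto two lines, and compares each downloaded RPM against it. An MD5 match only rules out a corrupted or mismatched download; authenticity still rests on the GPG signature check the advisory describes. The sample manifest, package names and file contents are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Manifest entry: 32 hex digits, whitespace (possibly a line wrap), RPM path.
ENTRY = re.compile(r"\b([0-9a-f]{32})\s+(\S+\.rpm)\b")

# Constructed excerpt in the advisory's layout; names and digests are made up.
SAMPLE = """\
 Example Linux 1.0:
 5d41402abc4b2a76b9719d911017c592
1.0/i586/demo-1.0-1.i586.rpm
 d41d8cd98f00b204e9800998ecf8427e
1.0/SRPMS/demo-1.0-1.src.rpm
"""

def parse_manifest(text):
    """Return {rpm basename: md5 hex digest} from an advisory body."""
    manifest = {}
    for digest, path in ENTRY.findall(text):
        name = path.rsplit("/", 1)[-1]
        # SRPMs are listed once per architecture; the digests must agree.
        if manifest.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting digests for {name}")
    return manifest

def md5_of(path):
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def verify_directory(manifest, directory):
    """Sort every *.rpm in directory into ok / mismatch / unlisted."""
    report = {"ok": [], "mismatch": [], "unlisted": []}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        expected = manifest.get(rpm.name)
        key = "unlisted" if expected is None else (
            "ok" if md5_of(rpm) == expected else "mismatch")
        report[key].append(rpm.name)
    return report

def demo():
    with tempfile.TemporaryDirectory() as d:
        Path(d, "demo-1.0-1.i586.rpm").write_bytes(b"hello")    # matches
        Path(d, "demo-1.0-1.src.rpm").write_bytes(b"altered")   # digest differs
        Path(d, "extra-0.1.rpm").write_bytes(b"")               # not in manifest
        return verify_directory(parse_manifest(SAMPLE), d)

if __name__ == "__main__":
    print(demo())
```

Any file reported under "mismatch" or "unlisted" should be discarded and fetched again from a Mandriva mirror before installation.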