RedHat: Moderate: squid security update RHSA-2007:0131-01
Summary
Summary
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. A denial of service flaw was found in the way Squid processed the TRACE request method. It was possible for an attacker behind the Squid proxy to issue a malformed TRACE request, crashing the Squid daemon child process. As long as these requests were sent, it would prevent legitimate usage of the proxy server. (CVE-2007-1560) This flaw does not affect the version of Squid shipped in Red Hat Enterprise Linux 2.1, 3, or 4. Users of Squid should upgrade to this updated package, which contains a backported patch and is not vulnerable to this issue.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
5. Bug IDs fixed (http://bugzilla.redhat.com/):
233253 - CVE-2007-1560 Squid TRACE DoS
6. RPMs required:
RHEL Desktop Workstation (v. 5 client):
SRPMS:
bbbe184b6f26ec847ee14a3db3dcdb2e squid-2.6.STABLE6-4.el5.src.rpm
i386:
2daca6e79b859f32057504b14655ce4f squid-2.6.STABLE6-4.el5.i386.rpm
0cccd20c1ffb96e8be9b3e4b5f1ddb8c squid-debuginfo-2.6.STABLE6-4.el5.i386.rpm
x86_64:
b636c16f03f747d185753ae600ccc8c6 squid-2.6.STABLE6-4.el5.x86_64.rpm
a28b81c4db7491dabef47130c7d006b1 squid-debuginfo-2.6.STABLE6-4.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
SRPMS:
bbbe184b6f26ec847ee14a3db3dcdb2e squid-2.6.STABLE6-4.el5.src.rpm
i386:
2daca6e79b859f32057504b14655ce4f squid-2.6.STABLE6-4.el5.i386.rpm
0cccd20c1ffb96e8be9b3e4b5f1ddb8c squid-debuginfo-2.6.STABLE6-4.el5.i386.rpm
ia64:
ba9e6a7ffad839c61d23bf192a9b20f1 squid-2.6.STABLE6-4.el5.ia64.rpm
1dbc1713e877685421c332530f68cfaf squid-debuginfo-2.6.STABLE6-4.el5.ia64.rpm
ppc:
0d1bbc0e51d7ac6a63346063fa7a6fc6 squid-2.6.STABLE6-4.el5.ppc.rpm
5dba2eb601fe8b9425d6bdfa6592d776 squid-debuginfo-2.6.STABLE6-4.el5.ppc.rpm
s390x:
e40cb7de3f49967ba5a6ab35007a8915 squid-2.6.STABLE6-4.el5.s390x.rpm
1d2e5f3aacc0693785c2598b9dbeb87d squid-debuginfo-2.6.STABLE6-4.el5.s390x.rpm
x86_64:
b636c16f03f747d185753ae600ccc8c6 squid-2.6.STABLE6-4.el5.x86_64.rpm
a28b81c4db7491dabef47130c7d006b1 squid-debuginfo-2.6.STABLE6-4.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1560 http://www.redhat.com/security/updates/classification/#moderate
Package List
Topic
Topic
Relevant Releases Architectures
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Bugs Fixed