Mandriva: Updated squid packages fix vulnerabilities
Posted by Benjamin D. Thomas
A vulnerability in squid was discovered that could be remotely exploited by using a special ftp:// URL (CVE-2007-0247).
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:026
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : squid
 Date    : January 23, 2007
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in squid was discovered that could be remotely
 exploited by using a special ftp:// URL (CVE-2007-0247).

 Another Denial of Service vulnerability was discovered in squid 2.6
 that allows remote attackers to crash the server by causing an
 external_acl_queue overload (CVE-2007-0248).

 Additionally, a bug in squid 2.6 for max_user_ip handling in ntlm_auth
 has been corrected.

 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0247
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0248
 http://www.squid-cache.org/bugs/show_bug.cgi?id=1792
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 08e2ff96f1951e61a976ef60bbf6bea5  2006.0/i586/squid-2.5.STABLE10-10.3.20060mdk.i586.rpm
 59613107122da1dd6c0ce6724f563fed  2006.0/i586/squid-cachemgr-2.5.STABLE10-10.3.20060mdk.i586.rpm 
 96bdafa2207c70e46e2c6b958748b884  2006.0/SRPMS/squid-2.5.STABLE10-10.3.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 60c1f397b2ce5b283757b76da8c70df1  2006.0/x86_64/squid-2.5.STABLE10-10.3.20060mdk.x86_64.rpm
 b0ec419dcae41638d2f628f013c0e050  2006.0/x86_64/squid-cachemgr-2.5.STABLE10-10.3.20060mdk.x86_64.rpm 
 96bdafa2207c70e46e2c6b958748b884  2006.0/SRPMS/squid-2.5.STABLE10-10.3.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 21dd893ce118c427d7b34656e41939ec  2007.0/i586/squid-2.6.STABLE1-4.2mdv2007.0.i586.rpm
 4021d4e323f1fc695aa956832ede5dbd  2007.0/i586/squid-cachemgr-2.6.STABLE1-4.2mdv2007.0.i586.rpm 
 6800d5a945187fca10197220d3068e01  2007.0/SRPMS/squid-2.6.STABLE1-4.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 dd5ac455b5f94d7b5589d1ff80972dc3  2007.0/x86_64/squid-2.6.STABLE1-4.2mdv2007.0.x86_64.rpm
 e9968cd35f6c21988691982ab3d6c9dc  2007.0/x86_64/squid-cachemgr-2.6.STABLE1-4.2mdv2007.0.x86_64.rpm 
 6800d5a945187fca10197220d3068e01  2007.0/SRPMS/squid-2.6.STABLE1-4.2mdv2007.0.src.rpm

 Corporate 3.0:
 95c1ca980282b1c49b50a8507c7fd82d  corporate/3.0/i586/squid-2.5.STABLE9-1.6.C30mdk.i586.rpm 
 7a65ca526a37b6850f4b33f1959d8595  corporate/3.0/SRPMS/squid-2.5.STABLE9-1.6.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 5c575f5fb19da84a3c0f3ee92429c65c  corporate/3.0/x86_64/squid-2.5.STABLE9-1.6.C30mdk.x86_64.rpm 
 7a65ca526a37b6850f4b33f1959d8595  corporate/3.0/SRPMS/squid-2.5.STABLE9-1.6.C30mdk.src.rpm

 Corporate 4.0:
 db2095e0e73bb231ffe40897b1666fbf  corporate/4.0/i586/squid-2.6.STABLE1-4.2.20060mlcs4.i586.rpm
 7fff9071842f6d87f10643a66d858373  corporate/4.0/i586/squid-cachemgr-2.6.STABLE1-4.2.20060mlcs4.i586.rpm 
 46198dfe46b61033924be7a1050bf1d7  corporate/4.0/SRPMS/squid-2.6.STABLE1-4.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 a3431be4855f377ae0efaf7bf60c845f  corporate/4.0/x86_64/squid-2.6.STABLE1-4.2.20060mlcs4.x86_64.rpm
 7953d0208a17451f1465c69d244736fd  corporate/4.0/x86_64/squid-cachemgr-2.6.STABLE1-4.2.20060mlcs4.x86_64.rpm 
 46198dfe46b61033924be7a1050bf1d7  corporate/4.0/SRPMS/squid-2.6.STABLE1-4.2.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 6df4b826639660123bd8cbaf045b3efd  mnf/2.0/i586/squid-2.5.STABLE9-1.6.M20mdk.i586.rpm 
 0c6029fd8710939fa1e187acbf2e1c70  mnf/2.0/SRPMS/squid-2.5.STABLE9-1.6.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
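
For packages fetched by hand rather than through MandrivaUpdate or urpmi, the checksum half of that verification can be reproduced against the "Updated Packages" list above. The following is an added example, not part of the Mandriva advisory or its tooling; it assumes the advisory text is saved to a file, the downloaded RPMs sit in one directory, and md5sum is installed. A matching MD5 only shows that a file is the one the advisory lists; authenticity still depends on the GPG signature check the advisory describes.

```sh
#!/bin/sh
# Added example: check downloaded RPMs against the "Updated Packages" list
# of a Mandriva advisory saved as plain text.
# Usage: verify_advisory_md5 ADVISORY.txt PACKAGE_DIR
# Returns 0 if every listed package found locally matches, 1 on any
# mismatch, 2 if none of the listed packages is present in PACKAGE_DIR.
verify_advisory_md5() {
    advisory=$1
    pkgdir=$2
    status=0
    checked=0
    # Keep only lines of the form "<32 hex digits>  <path ending in .rpm>".
    # The same SRPM is listed under several products, so de-duplicate.
    list=$(sed -n 's/^[[:space:]]*\([0-9a-f]\{32\}\)[[:space:]]\{1,\}\([^[:space:]]*\.rpm\)[[:space:]]*$/\1 \2/p' "$advisory" | sort -u)
    while read -r want path; do
        [ -n "$want" ] || continue
        name=${path##*/}                 # advisory paths are repo-relative
        file=$pkgdir/$name
        [ -f "$file" ] || continue       # not downloaded: nothing to check
        got=$(md5sum "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (advisory $want, local $got)"
            status=1
        fi
    done <<EOF
$list
EOF
    # Treat "no listed package found" as a failure, not a silent success.
    if [ "$checked" -eq 0 ]; then
        echo "no listed packages found in $pkgdir"
        status=2
    fi
    return $status
}
```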
  
 