LinuxSecurity.com
Mandriva: Updated squid packages fix DoS vulnerability
Posted by Benjamin D. Thomas   
Due to an internal error Squid-2.6 is vulnerable to a denial of service attack when processing the TRACE request method. This problem allows any client trusted to use the service to perform a denial of service attack on the Squid service. Updated packages have been patched to address this issue.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:068
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : squid
 Date    : March 22, 2007
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Due to an internal error Squid-2.6 is vulnerable to a denial of service
 attack when processing the TRACE request method. This problem allows
 any client trusted to use the service to perform a denial of service
 attack on the Squid service.
 
 Updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1560
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 e56b626c99d9fde6e6ce2e3229365507  2006.0/i586/squid-2.5.STABLE10-10.4.20060mdk.i586.rpm
 fe14ce71483e6d00471a9b157f1394ad  2006.0/i586/squid-cachemgr-2.5.STABLE10-10.4.20060mdk.i586.rpm 
 e3dca65061ce799f0a14843ff6c9494e  2006.0/SRPMS/squid-2.5.STABLE10-10.4.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 76f9515ef619dfef179bcd89195fe922  2006.0/x86_64/squid-2.5.STABLE10-10.4.20060mdk.x86_64.rpm
 2ef40237eb928e6c93c769b5a89e9436  2006.0/x86_64/squid-cachemgr-2.5.STABLE10-10.4.20060mdk.x86_64.rpm 
 e3dca65061ce799f0a14843ff6c9494e  2006.0/SRPMS/squid-2.5.STABLE10-10.4.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 054f7d10fda6b956f9dc3631dfc6d4b0  2007.0/i586/squid-2.6.STABLE1-4.3mdv2007.0.i586.rpm
 cff3225c30326efd3b60d22a0834556a  2007.0/i586/squid-cachemgr-2.6.STABLE1-4.3mdv2007.0.i586.rpm 
 39da38403992ae890878163921074e66  2007.0/SRPMS/squid-2.6.STABLE1-4.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 5eefe7e1c4c3220e38d7832690cb323d  2007.0/x86_64/squid-2.6.STABLE1-4.3mdv2007.0.x86_64.rpm
 6b0627995c722c40a0159979553a89ff  2007.0/x86_64/squid-cachemgr-2.6.STABLE1-4.3mdv2007.0.x86_64.rpm 
 39da38403992ae890878163921074e66  2007.0/SRPMS/squid-2.6.STABLE1-4.3mdv2007.0.src.rpm

 Corporate 3.0:
 a986e19d7ba9623b4dda97a6bba72f79  corporate/3.0/i586/squid-2.5.STABLE9-1.7.C30mdk.i586.rpm 
 c19c9d0a546f9a49760ef0fdff1c3b20  corporate/3.0/SRPMS/squid-2.5.STABLE9-1.7.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 d7f677e1f272e638ee960755459b1ded  corporate/3.0/x86_64/squid-2.5.STABLE9-1.7.C30mdk.x86_64.rpm 
 c19c9d0a546f9a49760ef0fdff1c3b20  corporate/3.0/SRPMS/squid-2.5.STABLE9-1.7.C30mdk.src.rpm

 Corporate 4.0:
 6ab68dde26eb1474b501e657dffa8559  corporate/4.0/i586/squid-2.6.STABLE1-4.3.20060mlcs4.i586.rpm
 9bdf42003bc25b658a0a1f068161e88a  corporate/4.0/i586/squid-cachemgr-2.6.STABLE1-4.3.20060mlcs4.i586.rpm 
 37dc55633b7cf98ac69109074bf19eb9  corporate/4.0/SRPMS/squid-2.6.STABLE1-4.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 0e5bb0f771ab24c33cd83df0b5ce6925  corporate/4.0/x86_64/squid-2.6.STABLE1-4.3.20060mlcs4.x86_64.rpm
 318eefc20e4b2e90f297edd4e0d3b9b4  corporate/4.0/x86_64/squid-cachemgr-2.6.STABLE1-4.3.20060mlcs4.x86_64.rpm 
 37dc55633b7cf98ac69109074bf19eb9  corporate/4.0/SRPMS/squid-2.6.STABLE1-4.3.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 0eb2b836cb6c6f04b7bdf588a82de958  mnf/2.0/i586/squid-2.5.STABLE9-1.7.M20mdk.i586.rpm 
 bd364264eb1262e255b796714cbe2f58  mnf/2.0/SRPMS/squid-2.5.STABLE9-1.7.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
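
For packages fetched by hand rather than through MandrivaUpdate or urpmi, the checksum comparison the advisory says is done automatically can be reproduced as follows. This is an added example, not part of the Mandriva advisory or its tooling; the function name and the idea of saving the "Updated Packages" list to a text file are assumptions.

```shell
#!/bin/sh
# Added example: compare downloaded RPMs against an advisory-style list of
# "<md5>  <path/to/package.rpm>" lines. LISTFILE is the advisory's
# "Updated Packages" section saved as text; PKGDIR holds the downloads.

# verify_against_advisory LISTFILE PKGDIR
# Prints one status line per listed package that is present in PKGDIR.
# Returns 0 only if at least one package was checked and none mismatched.
verify_against_advisory() {
    list=$1; dir=$2; checked=0; bad=0
    while read -r sum path || [ -n "$sum" ]; do
        # Skip headings and separators: the first field must be 32 hex digits.
        case $sum in
            *[!0-9a-fA-F]*|"") continue ;;
        esac
        [ "${#sum}" -eq 32 ] || continue
        case $path in
            *.rpm) ;;
            *) continue ;;
        esac
        name=${path##*/}                 # advisory paths are relative; match by file name
        file=$dir/$name
        [ -f "$file" ] || continue       # listed but not downloaded here
        expected=$(printf '%s' "$sum" | tr 'A-F' 'a-f')
        actual=$(md5sum "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$actual" = "$expected" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            bad=$((bad + 1))
        fi
    done < "$list"
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# When run as a script: ./verify.sh advisory.txt /path/to/downloads
if [ "$#" -eq 2 ]; then
    verify_against_advisory "$1" "$2"
fi
```

MD5 only catches a corrupted or truncated download; the GPG signature is the authenticity check, which `rpm --checksig <package>` performs once the Mandriva key has been imported into RPM's keyring.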
  
 