drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in squid
Name: |
Denial of Service in squid |
|
ID: |
MDKSA-2007:068 |
|
Distribution: |
Mandriva |
|
Plattformen: |
Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0, Mandriva 2006.0, Mandriva Corporate 4.0, Mandriva 2007.0 |
|
Datum: |
Do, 22. März 2007, 22:30 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1560 |
|
Applikationen: |
Squid |
|
Originalnachricht |
This is a multi-part message in MIME format...
------------=_1174599013-8862-2004
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
_______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:068 http://www.mandriva.com/security/ _______________________________________________________________________ Package : squid Date : March 22, 2007 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: Due to an internal error Squid-2.6 is vulnerable to a denial of service attack when processing the TRACE request method. This problem allows any client trusted to use the service to perform a denial of service attack on the Squid service. Updated packages have been patched to address this issue. _______________________________________________________________________
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1560 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: e56b626c99d9fde6e6ce2e3229365507 2006.0/i586/squid-2.5.STABLE10-10.4.20060mdk.i586.rpm fe14ce71483e6d00471a9b157f1394ad 2006.0/i586/squid-cachemgr-2.5.STABLE10-10.4.20060mdk.i586.rpm e3dca65061ce799f0a14843ff6c9494e 2006.0/SRPMS/squid-2.5.STABLE10-10.4.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64: 76f9515ef619dfef179bcd89195fe922 2006.0/x86_64/squid-2.5.STABLE10-10.4.20060mdk.x86_64.rpm 2ef40237eb928e6c93c769b5a89e9436 2006.0/x86_64/squid-cachemgr-2.5.STABLE10-10.4.20060mdk.x86_64.rpm e3dca65061ce799f0a14843ff6c9494e 2006.0/SRPMS/squid-2.5.STABLE10-10.4.20060mdk.src.rpm
Mandriva Linux 2007.0: 054f7d10fda6b956f9dc3631dfc6d4b0 2007.0/i586/squid-2.6.STABLE1-4.3mdv2007.0.i586.rpm cff3225c30326efd3b60d22a0834556a 2007.0/i586/squid-cachemgr-2.6.STABLE1-4.3mdv2007.0.i586.rpm 39da38403992ae890878163921074e66 2007.0/SRPMS/squid-2.6.STABLE1-4.3mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64: 5eefe7e1c4c3220e38d7832690cb323d 2007.0/x86_64/squid-2.6.STABLE1-4.3mdv2007.0.x86_64.rpm 6b0627995c722c40a0159979553a89ff 2007.0/x86_64/squid-cachemgr-2.6.STABLE1-4.3mdv2007.0.x86_64.rpm 39da38403992ae890878163921074e66 2007.0/SRPMS/squid-2.6.STABLE1-4.3mdv2007.0.src.rpm
Corporate 3.0: a986e19d7ba9623b4dda97a6bba72f79 corporate/3.0/i586/squid-2.5.STABLE9-1.7.C30mdk.i586.rpm c19c9d0a546f9a49760ef0fdff1c3b20 corporate/3.0/SRPMS/squid-2.5.STABLE9-1.7.C30mdk.src.rpm
Corporate 3.0/X86_64: d7f677e1f272e638ee960755459b1ded corporate/3.0/x86_64/squid-2.5.STABLE9-1.7.C30mdk.x86_64.rpm c19c9d0a546f9a49760ef0fdff1c3b20 corporate/3.0/SRPMS/squid-2.5.STABLE9-1.7.C30mdk.src.rpm
Corporate 4.0: 6ab68dde26eb1474b501e657dffa8559 corporate/4.0/i586/squid-2.6.STABLE1-4.3.20060mlcs4.i586.rpm 9bdf42003bc25b658a0a1f068161e88a corporate/4.0/i586/squid-cachemgr-2.6.STABLE1-4.3.20060mlcs4.i586.rpm 37dc55633b7cf98ac69109074bf19eb9 corporate/4.0/SRPMS/squid-2.6.STABLE1-4.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 0e5bb0f771ab24c33cd83df0b5ce6925 corporate/4.0/x86_64/squid-2.6.STABLE1-4.3.20060mlcs4.x86_64.rpm 318eefc20e4b2e90f297edd4e0d3b9b4 corporate/4.0/x86_64/squid-cachemgr-2.6.STABLE1-4.3.20060mlcs4.x86_64.rpm 37dc55633b7cf98ac69109074bf19eb9 corporate/4.0/SRPMS/squid-2.6.STABLE1-4.3.20060mlcs4.src.rpm
Multi Network Firewall 2.0: 0eb2b836cb6c6f04b7bdf588a82de958 mnf/2.0/i586/squid-2.5.STABLE9-1.7.M20mdk.i586.rpm bd364264eb1262e255b796714cbe2f58 mnf/2.0/SRPMS/squid-2.5.STABLE9-1.7.M20mdk.src.rpm _______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com _______________________________________________________________________
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGAsammqjQ0CJFipgRAgWnAJsE+IF5RHjBEyO6xZX290rMpkF8swCg4vOF XbU1oT9mGL+HAUUT/KlBxDQ= =9mdl -----END PGP SIGNATURE-----
------------=_1174599013-8862-2004 Content-Type: text/plain; name="message-footer.txt" Content-Disposition: inline; filename="message-footer.txt" Content-Transfer-Encoding: 8bit
To unsubscribe, send a email to sympa@mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://www.mandrivastore.com Join the Club : http://www.mandrivaclub.com _______________________________________________________
------------=_1174599013-8862-2004--
|
|
|
|