Login
Newsletter
Werbung

Sicherheit: Denial of Service in squid
Aktuelle Meldungen Distributionen
Name: Denial of Service in squid
ID: MDVSA-2008:002
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0, Mandriva Corporate 4.0, Mandriva 2007.0, Mandriva 2007.1, Mandriva 2008.0
Datum: Sa, 5. Januar 2008, 00:47
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6239
Applikationen: Squid

Originalnachricht

This is a multi-part message in MIME format...

------------=_1199490418-4794-7793


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:002
http://www.mandriva.com/security/
_______________________________________________________________________

Package : squid
Date : January 4, 2008
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

The cache update reply processing functionality in Squid 2.x before
2.6.STABLE17, and Squid 3.0, allows remote attackers to cause a denial
of service (crash) via unknown vectors related to HTTP headers.

The updated package fixes this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6239
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
96faafb7a9e07b278a0aafa84bf926ae
2007.0/i586/squid-2.6.STABLE1-4.4mdv2007.0.i586.rpm
03fad047effae58ca2489e80aa1bfa5b
2007.0/i586/squid-cachemgr-2.6.STABLE1-4.4mdv2007.0.i586.rpm
37dfa22f24df058851acc5c3c1b5879d
2007.0/SRPMS/squid-2.6.STABLE1-4.4mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
c2ed1ce138a117d92a9d1258e19853a4
2007.0/x86_64/squid-2.6.STABLE1-4.4mdv2007.0.x86_64.rpm
8b1db434ee0e509aa71d7b1c81f62665
2007.0/x86_64/squid-cachemgr-2.6.STABLE1-4.4mdv2007.0.x86_64.rpm
37dfa22f24df058851acc5c3c1b5879d
2007.0/SRPMS/squid-2.6.STABLE1-4.4mdv2007.0.src.rpm

Mandriva Linux 2007.1:
4e5314934a52d574cfab66fab288fec1
2007.1/i586/squid-2.6.STABLE7-2.1mdv2007.1.i586.rpm
ea5fff3e07bb15bca7a2c3b3fd1dce43
2007.1/i586/squid-cachemgr-2.6.STABLE7-2.1mdv2007.1.i586.rpm
8ae95395bd9b0bd3888561ce359048db
2007.1/SRPMS/squid-2.6.STABLE7-2.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
c4b1a7b86c812f272601c76c757a456e
2007.1/x86_64/squid-2.6.STABLE7-2.1mdv2007.1.x86_64.rpm
48bd862e07da9f1aacbf8f4e30ebc734
2007.1/x86_64/squid-cachemgr-2.6.STABLE7-2.1mdv2007.1.x86_64.rpm
8ae95395bd9b0bd3888561ce359048db
2007.1/SRPMS/squid-2.6.STABLE7-2.1mdv2007.1.src.rpm

Mandriva Linux 2008.0:
471283e5ec222b4558804201ed528580
2008.0/i586/squid-2.6.STABLE16-1.2mdv2008.0.i586.rpm
aae1cede196ab3ee8ce872a4f9339197
2008.0/i586/squid-cachemgr-2.6.STABLE16-1.2mdv2008.0.i586.rpm
3b7ac01f28af138e6a4a911ea13c3014
2008.0/SRPMS/squid-2.6.STABLE16-1.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
ee831d24d0027f9e30d329ba19481572
2008.0/x86_64/squid-2.6.STABLE16-1.2mdv2008.0.x86_64.rpm
4d788055f21fd55b228881b66d4e351e
2008.0/x86_64/squid-cachemgr-2.6.STABLE16-1.2mdv2008.0.x86_64.rpm
3b7ac01f28af138e6a4a911ea13c3014
2008.0/SRPMS/squid-2.6.STABLE16-1.2mdv2008.0.src.rpm

Corporate 3.0:
b80be38521a9c761ddeb3fac585a5bef
corporate/3.0/i586/squid-2.5.STABLE9-1.8.C30mdk.i586.rpm
068c0327621ff22367dd979aa9f7ecee
corporate/3.0/SRPMS/squid-2.5.STABLE9-1.8.C30mdk.src.rpm

Corporate 3.0/X86_64:
2c0eaf65b0c65bb56793bce55d2ac0fc
corporate/3.0/x86_64/squid-2.5.STABLE9-1.8.C30mdk.x86_64.rpm
068c0327621ff22367dd979aa9f7ecee
corporate/3.0/SRPMS/squid-2.5.STABLE9-1.8.C30mdk.src.rpm

Corporate 4.0:
69d5364d1187f459934c86e311bf6d96
corporate/4.0/i586/squid-2.6.STABLE1-4.4.20060mlcs4.i586.rpm
9cab80bad8eac5d17af87f8411185529
corporate/4.0/i586/squid-cachemgr-2.6.STABLE1-4.4.20060mlcs4.i586.rpm
33c75a040e930c85e7668b160216558a
corporate/4.0/SRPMS/squid-2.6.STABLE1-4.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
37a81cbfac6f8937fd74e4b672e04019
corporate/4.0/x86_64/squid-2.6.STABLE1-4.4.20060mlcs4.x86_64.rpm
df0f15a253003d6b2c234e4a5ccfbff1
corporate/4.0/x86_64/squid-cachemgr-2.6.STABLE1-4.4.20060mlcs4.x86_64.rpm
33c75a040e930c85e7668b160216558a
corporate/4.0/SRPMS/squid-2.6.STABLE1-4.4.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
0d291e6348ec79f86213230619ce7cfd
mnf/2.0/i586/squid-2.5.STABLE9-1.8.M20mdk.i586.rpm
2192fc9b2b9e1e000e144abf8e054860
mnf/2.0/SRPMS/squid-2.5.STABLE9-1.8.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iEYEARECAAYFAkd+mOMACgkQmqjQ0CJFipjgwACeLzJfKZn1RHqoqzVsxczyJcHO
v9kAn1gapJ/F6MciY5VtzOaHumprqySG
=Qb45
-----END PGP SIGNATURE-----


------------=_1199490418-4794-7793
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1199490418-4794-7793--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung