Login
Newsletter
Werbung
Sicherheit: Zwei Probleme in squid
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in squid
ID: MDKSA-2005:162
Distribution: Mandriva
Plattformen: Mandriva 10.1, Mandriva Corporate 3.0, Mandriva Corporate Server 2.1, Mandriva 10.2, Mandriva Multi Network Firewall 2.0
Datum: Di, 13. September 2005, 08:17
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2796
Applikationen: Squid

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1126592205-805-3521

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           squid
 Advisory ID:            MDKSA-2005:162
 Date:                   September 12th, 2005

 Affected versions:	 10.1, 10.2, Corporate 3.0,
			 Corporate Server 2.1,
			 Multi Network Firewall 2.0
 ______________________________________________________________________

 Problem Description:

 Two vulnerabilities were recently discovered in squid:
 
 The first is a DoS possible via certain aborted requests that trigger
 an assertion error related to "STOP_PENDING" (CAN-2005-2794).
 
 The second is a DoS caused by certain crafted requests and SSL timeouts
 (CAN-2005-2796).
 
 The updated packages have been patched to address these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2794
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2796
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 fc6ae27559810d7cb00916683bb96091 
 10.1/RPMS/squid-2.5.STABLE9-1.3.101mdk.i586.rpm
 4c76043826e02d944f752fa5b65df065 
 10.1/SRPMS/squid-2.5.STABLE9-1.3.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 27e142d3fe10a00f53e1b81908623c9d 
 x86_64/10.1/RPMS/squid-2.5.STABLE9-1.3.101mdk.x86_64.rpm
 4c76043826e02d944f752fa5b65df065 
 x86_64/10.1/SRPMS/squid-2.5.STABLE9-1.3.101mdk.src.rpm

 Mandrakelinux 10.2:
 1f1cd358e0c3d5f299310cc0c978bfcc 
 10.2/RPMS/squid-2.5.STABLE9-1.3.102mdk.i586.rpm
 fac7af713eab60a0162f1f9db6db59a9 
 10.2/SRPMS/squid-2.5.STABLE9-1.3.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 961517306d7678b0f708f24d79431246 
 x86_64/10.2/RPMS/squid-2.5.STABLE9-1.3.102mdk.x86_64.rpm
 fac7af713eab60a0162f1f9db6db59a9 
 x86_64/10.2/SRPMS/squid-2.5.STABLE9-1.3.102mdk.src.rpm

 Multi Network Firewall 2.0:
 2ce290ea1cd8daa631bb5e7adcde4bc2 
 mnf/2.0/RPMS/squid-2.5.STABLE9-1.3.M20mdk.i586.rpm
 46b958e5ef7c7ead62bb216ea474ae5b 
 mnf/2.0/SRPMS/squid-2.5.STABLE9-1.3.M20mdk.src.rpm

 Corporate Server 2.1:
 3d77f46d83d5f4059801d5cef8619cd0 
 corporate/2.1/RPMS/squid-2.4.STABLE7-2.8.C21mdk.i586.rpm
 86621b440fd1545b3de520d812a2ad84 
 corporate/2.1/SRPMS/squid-2.4.STABLE7-2.8.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 a7e76046c6cbdf2096ee0981b873a684 
 x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.8.C21mdk.x86_64.rpm
 86621b440fd1545b3de520d812a2ad84 
 x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.8.C21mdk.src.rpm

 Corporate 3.0:
 e25ada5ae035fcc193afe90b5b977588 
 corporate/3.0/RPMS/squid-2.5.STABLE9-1.3.C30mdk.i586.rpm
 f47e0db9289695e0d1ac8ca80ed4d5a1 
 corporate/3.0/SRPMS/squid-2.5.STABLE9-1.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 75553a5ca63867a16bfbb8d58621e328 
 x86_64/corporate/3.0/RPMS/squid-2.5.STABLE9-1.3.C30mdk.x86_64.rpm
 f47e0db9289695e0d1ac8ca80ed4d5a1 
 x86_64/corporate/3.0/SRPMS/squid-2.5.STABLE9-1.3.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDJmwNmqjQ0CJFipgRAopxAJ9oq3Kxmclch173mRHahrAxSi048gCgoUuY
Uvnav2q4Ib6qbfdDJ4LVyto=
=1NpH
-----END PGP SIGNATURE-----


------------=_1126592205-805-3521
Content-Type: text/plain; name="message.footer"
Content-Disposition: inline; filename="message.footer"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1126592205-805-3521--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung