-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1732
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1732
2004-06-16
- ---------------------------------------------------------------------

Name        : squid
Version 9   : 2.5.STABLE1-4.10.legacy
Summary     : The Squid proxy caching server.
Description :
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.

- ---------------------------------------------------------------------
Update Information:

Remote exploitation of a buffer overflow vulnerability in Squid Web Proxy Cache could allow a remote attacker to execute arbitrary code.

A remote attacker can compromise a target system if Squid Proxy is configured to use the NTLM authentication helper. The attacker can send an overly long password to overflow the buffer and execute arbitrary code.

iDEFENSE has confirmed the existence of this vulnerability in Squid-Proxy 2.5.*-STABLE and 3.*-PRE when Squid-Proxy is compiled with the NTLM helper enabled.

- ---------------------------------------------------------------------
Changelog:

9:
* Tue Jun 15 2004 Jesse Keating <jkeating@xxxxxxxxxxxxxxx> 7:2.5.STABLE1-4.10.legacy

- - Added openssl-devel cyrus-sasl-devel as buildreqs.

* Tue Jun 08 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 7:2.5.STABLE1-4.9.legacy

- - CAN-2004-0541 security patch (NTLM Authentication Helper Buffer Overflow)

* Tue Mar 09 2004 Jay Fenlason <fenlason@xxxxxxxxxx> 7:2.5.STABLE1-3.9

- - Backport patch for %00 vulnerability
- - Backport patch to support the new urllogin acl type so squid can be configured to protect vulnerable Microsoft Internet Explorer users.

- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/

d22a414bdee2eaa3bd7c067afc0c181ee78e0a68  9/updates-testing/SRPMS/squid-2.5.STABLE1-4.10.legacy.src.rpm
3af36a2a723d62f34337a3b56f3b4a0a8705288f  9/updates-testing/i386/squid-2.5.STABLE1-4.10.legacy.i386.rpm

Please note that this update is also available via yum and apt through the updates-testing channel. Many people find this an easier way to apply updates.
- ---------------------------------------------------------------------

- --
Jesse Keating RHCE (http://geek.j2solutions.net)
Fedora Legacy Team (http://www.fedoralegacy.org)
GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful? Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA0RcP4v2HLvE71NURAnDKAJ9S1ESYbN/Pa7oCXJ3SrYe3GYyRawCeI/JK
OIjIASyaYp4/OKcGd+XBBBE=
=Sjap
-----END PGP SIGNATURE-----

--
fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list
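
The advisory makes exposure conditional on Squid being configured to use the NTLM authentication helper. The following is an added example, not part of the original notification or of the Squid or Fedora Legacy projects, that reports whether a squid.conf has an active `auth_param ntlm program` directive; the function name, sample configuration and helper paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a squid.conf enables an NTLM auth helper,
# the precondition the advisory gives for CAN-2004-0541.
# Exit status: 0 = helper configured, 1 = not configured, 2 = file unreadable.
ntlm_helper_configured() {
    conf=$1
    [ -r "$conf" ] || return 2
    awk '
        $1 ~ /^#/ { next }                        # skip whole-line comments
        $1 == "auth_param" && $2 == "ntlm" && $3 == "program" {
            printf "%d: %s\n", NR, $0             # line number and directive
            found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$conf"
}

# Constructed sample configuration (paths and domain are illustrative only).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# auth_param ntlm program /usr/lib/squid/ntlm_auth EXAMPLE\dc1
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
   auth_param ntlm program /usr/lib/squid/ntlm_auth EXAMPLE\dc1
auth_param ntlm children 5
EOF

if ntlm_helper_configured "$sample"; then
    echo "NTLM helper enabled: this host meets the advisory's precondition"
else
    echo "NTLM helper not enabled in $sample"
fi
rm -f "$sample"
```

A commented-out directive does not count as enabled, and `auth_param ntlm children` alone does not start a helper, so only the `program` line is matched.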