* Amos Jeffries <squid3@xxxxxxxxxxxxx>:
> On 15/08/11 23:52, Ralf Hildebrandt wrote:
> >With today's BZR checkout (3.2-HEAD) I'm getting a lot of "SECURITY
> >ALERT: Host: header forgery detected" with everyday requests:
> >
> >2011/08/15 13:50:59.016| SECURITY ALERT: Host: header forgery detected from local=141.42.1.205:8080 remote=10.43.65.227:3266 FD 1312 flags=1 (amsprd0104.outlook.com:443 does not match amsprd0104.outlook.com)
>
> We now forcibly detect CVE-2009-0801 vulnerability abuse. A few cases
> have been found missing from the detection. Please apply these two
> patches in this order:
>
>
> http://www.squid-cache.org/Versions/v3/3.HEAD/changesets/squid-3-11647.patch
> http://www.squid-cache.org/Versions/v3/3.HEAD/changesets/squid-3-11649.patch

I tried to apply them both but:

# patch -p1 < ../squid-3-11647.patch
patching file ClientRequestContext.h
Hunk #1 FAILED at 27.
1 out of 1 hunk FAILED -- saving rejects to file ClientRequestContext.h.rej
patching file client_side_request.cc
Hunk #1 FAILED at 546.
Hunk #2 FAILED at 620.
Hunk #3 FAILED at 638.
3 out of 3 hunks FAILED -- saving rejects to file client_side_request.cc.rej

-- 
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt@xxxxxxxxxx | http://www.charite.de