Freedom The Open Source Way Contribute Articles or News to OSForgeOSForge HomeLogout from Forums
Contacting OSForgeOSForge HomeAbout OSForge
  

Root
 Contribute News
 Learning Corner
 Linux Distributions
 Linux Common FAQ's
 Discussion Forums
Community Gallery
Links Directory
Search OSForge
Networking
 Industry Updates
 Linux & Open Source
 Opinions
 Press Release
 Programming
 Security
 Web Development
White Paper
Likewise Software Receives Ready for IBM Tivoli Validation
Plat'Home Unveils Final Results of “Will Linux Work?” Contest
Zenoss Announces Record Quarterly Customer Growth amid Struggling Economy
Latest Open-Xchange Server Edition Simplifies Integration, Easily Customizable
Cluster Resources Works With IBM to Provide Moab Hybrid Cluster on iDataPlex
Cluster Resources to Deomonstrate Moab Hybrid Cluster on Windows HPC Server 2008
Cluster Resources to Provide Moab Hybrid Cluster Solution on New Cray CX1(TM)
Plat'Home Unveils Winners of “Will Linux Work?” Contest
Zenoss Core Recognized as Best Open Source Network Monitoring Solution

View More

Mandrake Linux Security Advisory: squid
By : Eric Lim [www] Find more article by Eric Lim on Security
Wednesday the 17th, April 2002 at 02:30 AM (EDT)
Send this Story to a Friend Readers TalkBack (0) - 400 Reads

Printer Friendly Page Printable format
Send this Story to a Friend Foward to Email

Mandrake Linux Security Advisory: squid

______________________________________________________________________

                Mandrake Linux Security Update Advisory
______________________________________________________________________

Package name:           squid
Advisory ID:            MDKSA-2002:027
Date:                   April 16th, 2002
Affected versions:      7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1,
                        Single Network Firewall 7.2
______________________________________________________________________

Problem Description:
A security issue has recently been found and fixed in the Squid-2.X
releases up to and including 2.4.STABLE4.

Error and boundary conditions were not checked when handling compressed
DNS answer messages in the internal DNS code (lib/rfc1035.c).  A
malicous DNS server could craft a DNS reply that causes Squid to exit
with a SIGSEGV.
______________________________________________________________________

References:

http://www.squid-cache.org/Advisories/SQUID-2002_2.txt
______________________________________________________________________

Updated Packages:

Linux-Mandrake 7.1:
a8521febeb22c7a61d39fc03694ce8fa  7.1/RPMS/squid-2.4.STABLE6-1.3mdk.i586.rpm
b6277223c10037008cc296ed4246c2fa  7.1/SRPMS/squid-2.4.STABLE6-1.3mdk.src.rpm

Linux-Mandrake 7.2:
07b6200cb3429e12fa17c55d0905c098  7.2/RPMS/squid-2.4.STABLE6-1.3mdk.i586.rpm
b6277223c10037008cc296ed4246c2fa  7.2/SRPMS/squid-2.4.STABLE6-1.3mdk.src.rpm

Mandrake Linux 8.0:
4f19e1c8f64f4c42cbffdb493dd8aef0  8.0/RPMS/squid-2.4.STABLE6-1.2mdk.i586.rpm
501b0506b806ec4e1621d772ed35f8c2  8.0/SRPMS/squid-2.4.STABLE6-1.2mdk.src.rpm

Mandrake Linux 8.0/ppc:
6edade11924a82f716b41ab113ff158f  ppc/8.0/RPMS/squid-2.4.STABLE6-1.2mdk.ppc.rpm
501b0506b806ec4e1621d772ed35f8c2  ppc/8.0/SRPMS/squid-2.4.STABLE6-1.2mdk.src.rpm

Mandrake Linux 8.1:
92dd6f13a2cc1e67159a35f195788ce3  8.1/RPMS/squid-2.4.STABLE6-1.1mdk.i586.rpm
ffa0862cb28670c146aa60c3ddfffd89  8.1/SRPMS/squid-2.4.STABLE6-1.1mdk.src.rpm

Mandrake Linux 8.1/ia64:
5090519d39c53bfef418e5cf06835c97  ia64/8.1/RPMS/squid-2.4.STABLE6-1.1mdk.ia64.rpm
ffa0862cb28670c146aa60c3ddfffd89  ia64/8.1/SRPMS/squid-2.4.STABLE6-1.1mdk.src.rpm

Mandrake Linux 8.2:
48854ffb620b739d98bf2a4d93aa761e  8.2/RPMS/squid-2.4.STABLE6-1.1mdk.i586.rpm
ffa0862cb28670c146aa60c3ddfffd89  8.2/SRPMS/squid-2.4.STABLE6-1.1mdk.src.rpm

Mandrake Linux 8.2/ppc:
56232a6132d8761f53c93f8bbc9a5127  ppc/8.2/RPMS/squid-2.4.STABLE6-1.1mdk.ppc.rpm
ffa0862cb28670c146aa60c3ddfffd89  ppc/8.2/SRPMS/squid-2.4.STABLE6-1.1mdk.src.rpm

Corporate Server 1.0.1:
a8521febeb22c7a61d39fc03694ce8fa  1.0.1/RPMS/squid-2.4.STABLE6-1.3mdk.i586.rpm
b6277223c10037008cc296ed4246c2fa  1.0.1/SRPMS/squid-2.4.STABLE6-1.3mdk.src.rpm

Single Network Firewall 7.2:
07b6200cb3429e12fa17c55d0905c098  snf7.2/RPMS/squid-2.4.STABLE6-1.3mdk.i586.rpm
b6277223c10037008cc296ed4246c2fa  snf7.2/SRPMS/squid-2.4.STABLE6-1.3mdk.src.rpm
______________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

______________________________________________________________________

To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:

  rpm --checksig

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:

  https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

  http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security@linux-mandrake.com

  
Reader Rating from 1-5

 

Poor very 
1
2
3
4
5 		 very Excellent

Talkback

Post Your Talkback | View All Talkback (0 Posted)

 Currently there are no Talkback posted on "Mandrake Linux Security Advisory: squid", Click here to be the first to post a talkback.

 
Scroll Up

   About | Term of Use | Privacy | Contact us | Tell a Friend | Advertise  

 OSForge News RSS Feed