MDKSA-2005:162 - Updated squid packages fix vulnerabilities

From: Mandriva Security Team (security_at_mandriva.com)
Date: 09/13/05

  • Next message: Mandriva Security Team: "MDKSA-2005:163 - Updated MySQL packages fix vulnerability"
    To: bugtraq@securityfocus.com
    Date: Tue, 13 Sep 2005 00:05:01 -0600
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

     _______________________________________________________________________

                    Mandriva Linux Security Update Advisory
     _______________________________________________________________________

     Package name: squid
     Advisory ID: MDKSA-2005:162
     Date: September 12th, 2005

     Affected versions: 10.1, 10.2, Corporate 3.0,
                             Corporate Server 2.1,
                             Multi Network Firewall 2.0
     ______________________________________________________________________

     Problem Description:

     Two vulnerabilities were recently discovered in squid:
     
     The first is a DoS possible via certain aborted requests that trigger
     an assertion error related to "STOP_PENDING" (CAN-2005-2794).
     
     The second is a DoS caused by certain crafted requests and SSL timeouts
     (CAN-2005-2796).
     
     The updated packages have been patched to address these issues.
     _______________________________________________________________________

     References:

      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2794
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2796
     ______________________________________________________________________

     Updated Packages:
      
     Mandrakelinux 10.1:
     fc6ae27559810d7cb00916683bb96091 10.1/RPMS/squid-2.5.STABLE9-1.3.101mdk.i586.rpm
     4c76043826e02d944f752fa5b65df065 10.1/SRPMS/squid-2.5.STABLE9-1.3.101mdk.src.rpm

     Mandrakelinux 10.1/X86_64:
     27e142d3fe10a00f53e1b81908623c9d x86_64/10.1/RPMS/squid-2.5.STABLE9-1.3.101mdk.x86_64.rpm
     4c76043826e02d944f752fa5b65df065 x86_64/10.1/SRPMS/squid-2.5.STABLE9-1.3.101mdk.src.rpm

     Mandrakelinux 10.2:
     1f1cd358e0c3d5f299310cc0c978bfcc 10.2/RPMS/squid-2.5.STABLE9-1.3.102mdk.i586.rpm
     fac7af713eab60a0162f1f9db6db59a9 10.2/SRPMS/squid-2.5.STABLE9-1.3.102mdk.src.rpm

     Mandrakelinux 10.2/X86_64:
     961517306d7678b0f708f24d79431246 x86_64/10.2/RPMS/squid-2.5.STABLE9-1.3.102mdk.x86_64.rpm
     fac7af713eab60a0162f1f9db6db59a9 x86_64/10.2/SRPMS/squid-2.5.STABLE9-1.3.102mdk.src.rpm

     Multi Network Firewall 2.0:
     2ce290ea1cd8daa631bb5e7adcde4bc2 mnf/2.0/RPMS/squid-2.5.STABLE9-1.3.M20mdk.i586.rpm
     46b958e5ef7c7ead62bb216ea474ae5b mnf/2.0/SRPMS/squid-2.5.STABLE9-1.3.M20mdk.src.rpm

     Corporate Server 2.1:
     3d77f46d83d5f4059801d5cef8619cd0 corporate/2.1/RPMS/squid-2.4.STABLE7-2.8.C21mdk.i586.rpm
     86621b440fd1545b3de520d812a2ad84 corporate/2.1/SRPMS/squid-2.4.STABLE7-2.8.C21mdk.src.rpm

     Corporate Server 2.1/X86_64:
     a7e76046c6cbdf2096ee0981b873a684 x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.8.C21mdk.x86_64.rpm
     86621b440fd1545b3de520d812a2ad84 x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.8.C21mdk.src.rpm

     Corporate 3.0:
     e25ada5ae035fcc193afe90b5b977588 corporate/3.0/RPMS/squid-2.5.STABLE9-1.3.C30mdk.i586.rpm
     f47e0db9289695e0d1ac8ca80ed4d5a1 corporate/3.0/SRPMS/squid-2.5.STABLE9-1.3.C30mdk.src.rpm

     Corporate 3.0/X86_64:
     75553a5ca63867a16bfbb8d58621e328 x86_64/corporate/3.0/RPMS/squid-2.5.STABLE9-1.3.C30mdk.x86_64.rpm
     f47e0db9289695e0d1ac8ca80ed4d5a1 x86_64/corporate/3.0/SRPMS/squid-2.5.STABLE9-1.3.C30mdk.src.rpm
     _______________________________________________________________________

     To upgrade automatically use MandrakeUpdate or urpmi. The verification
     of md5 checksums and GPG signatures is performed automatically for you.

     All packages are signed by Mandriva for security. You can obtain the
     GPG public key of the Mandriva Security Team by executing:

      gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

     You can view other update advisories for Mandriva Linux at:

      http://www.mandriva.com/security/advisories

     If you want to report vulnerabilities, please contact

      security_(at)_mandriva.com
     _______________________________________________________________________

     Type Bits/KeyID Date User ID
     pub 1024D/22458A98 2000-07-10 Mandriva Security Team
      <security*mandriva.com>

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (GNU/Linux)

    iD8DBQFDJmwNmqjQ0CJFipgRAopxAJ9oq3Kxmclch173mRHahrAxSi048gCgoUuY
    Uvnav2q4Ib6qbfdDJ4LVyto=
    =1NpH
    -----END PGP SIGNATURE-----


  • Next message: Mandriva Security Team: "MDKSA-2005:163 - Updated MySQL packages fix vulnerability"