===================================================================== CERT-Renater Note d'Information No. 2005/VULN308 _____________________________________________________________________ DATE : 18/05/2005 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Squid. ====================================================================== - --------------------------------------------------------------------- Fedora Update Notification FEDORA-2005-373 2005-05-17 - --------------------------------------------------------------------- Product : Fedora Core 3 Name : squid Version : 2.5.STABLE9 Release : 1.FC3.6 Summary : The Squid proxy caching server. Description : Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. - --------------------------------------------------------------------- * Mon May 16 2005 Jay Fenlason 7:2.5.STABLE9-1.FC3.6 - - More upstream patches, including ones for bz#157456 CAN-2005-1519 DNS lookups unreliable on untrusted networks bz#156162 CVE-1999-0710 cachemgr.cgi access control bypass - - The following bugs had already been fixed, but the announcements were lost bz#156711 CAN-2005-1390 HTTP Request Smuggling Vulnerabilities bz#156703 CAN-2005-1389 HTTP Response Splitting Vulnerabilities (Both fixed by squid-7:2.5.STABLE8-1.FC3.1) bz#151419 Unexpected access control results on configuration errors (Fixed by 7:2.5.STABLE9-1.FC3.2) bz#152647#squid-2.5.STABLE9-1.FC3.4.x86_64.rpm is broken (fixed by 7:2.5.STABLE9-1.FC3.5) bz#141938 squid ldap authentification broken (Fixed by 7:2.5.STABLE7-1.FC3) * Fri Apr 1 2005 Jay Fenlason 7:2.5.STABLE9-1.FC3.5 - - More upstream patches, including a new version of the -2GB patch that doesn't break diskd. - --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ c94ce8b9fc2ae09b867fa73a4036901b SRPMS/squid-2.5.STABLE9-1.FC3.6.src.rpm 6862c9189f1686280b95a31501ce5283 x86_64/squid-2.5.STABLE9-1.FC3.6.x86_64.rpm 5e96af43a684836da7e88279a5643b1a x86_64/debug/squid-debuginfo-2.5.STABLE9-1.FC3.6.x86_64.rpm 81f8f55caf7f423054356ae57c2d02f9 i386/squid-2.5.STABLE9-1.FC3.6.i386.rpm e912773d9f9889686a70debe1c1146c8 i386/debug/squid-debuginfo-2.5.STABLE9-1.FC3.6.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. - --------------------------------------------------------------------- - -- fedora-announce-list mailing list fedora-announce-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-announce-list - ---------------------------------------------------------------------------------- ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================