Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

MDKSA-2005:195 - Updated squid packages fix vulnerabilities
From: Mandriva Security Team <security () mandriva com>
Date: Wed, 26 Oct 2005 15:33:21 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2005:195
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : squid
 Date    : October 26, 2005
 Affected: 10.1,  10.2,  2006.0,  Corporate 2.1,  Corporate 3.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 The rfc1738_do_escape function in ftp.c for Squid 2.5.STABLE11 and
 earlier allows remote FTP servers to cause a denial of service
 (segmentation fault) via certain "odd" responses.
 
 The updated packages have been patched to address these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3258
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate Server 2.1:
 f8aca99b670bd1d7cd062d29d6e337c0  corporate/2.1/RPMS/squid-2.4.STABLE7-2.10.C21mdk.i586.rpm
 575ebbe6d8c6dd4a88c85763de0955a6  corporate/2.1/SRPMS/squid-2.4.STABLE7-2.10.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 b2bb3b18fbaec34fa4a4de306f7badfa  x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.10.C21mdk.x86_64.rpm
 575ebbe6d8c6dd4a88c85763de0955a6  x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.10.C21mdk.src.rpm

 Mandriva Linux 10.1:
 1aa5389665eb7c44fc1a6f2a62a9c3e4  10.1/RPMS/squid-2.5.STABLE9-1.5.101mdk.i586.rpm
 9000867a2ad94d095311053f36742abc  10.1/SRPMS/squid-2.5.STABLE9-1.5.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 d417b0a933c81eeee4462ff5bf0d207a  x86_64/10.1/RPMS/squid-2.5.STABLE9-1.5.101mdk.x86_64.rpm
 9000867a2ad94d095311053f36742abc  x86_64/10.1/SRPMS/squid-2.5.STABLE9-1.5.101mdk.src.rpm

 Corporate 3.0:
 16a31934c2801715f0cb6290ea1c5c58  corporate/3.0/RPMS/squid-2.5.STABLE9-1.5.C30mdk.i586.rpm
 aa1042be761e422dbee47cf3b5777b90  corporate/3.0/SRPMS/squid-2.5.STABLE9-1.5.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 5c285a1e0df7c5de08424a73438ef094  x86_64/corporate/3.0/RPMS/squid-2.5.STABLE9-1.5.C30mdk.x86_64.rpm
 aa1042be761e422dbee47cf3b5777b90  x86_64/corporate/3.0/SRPMS/squid-2.5.STABLE9-1.5.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 92a195660ac40c9b6ae9ca275054c501  mnf/2.0/RPMS/squid-2.5.STABLE9-1.5.M20mdk.i586.rpm
 1a97bb3873323ffe64629623c72d28c8  mnf/2.0/SRPMS/squid-2.5.STABLE9-1.5.M20mdk.src.rpm

 Mandriva Linux 10.2:
 442d8df682a4b46ae9f1c2e864b6505d  10.2/RPMS/squid-2.5.STABLE9-1.5.102mdk.i586.rpm
 bd75db1db5949be45168118bf9fd6e80  10.2/SRPMS/squid-2.5.STABLE9-1.5.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 08dcae009d962753884eb5c11ff1bdf3  x86_64/10.2/RPMS/squid-2.5.STABLE9-1.5.102mdk.x86_64.rpm
 bd75db1db5949be45168118bf9fd6e80  x86_64/10.2/SRPMS/squid-2.5.STABLE9-1.5.102mdk.src.rpm

 Mandriva Linux 2006.0:
 6c8f78eaefa702ea819c53cab55ad715  2006.0/RPMS/squid-2.5.STABLE10-10.2.20060mdk.i586.rpm
 0b213d4496b8db93581a2b21388900af  2006.0/RPMS/squid-cachemgr-2.5.STABLE10-10.2.20060mdk.i586.rpm
 1a242f5c868a63decda6a14c18de0397  2006.0/SRPMS/squid-2.5.STABLE10-10.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 a8a30856a40f1067790ffb816c15ae4a  x86_64/2006.0/RPMS/squid-2.5.STABLE10-10.2.20060mdk.x86_64.rpm
 7bbf70c2cbe5e22f6a5d9008ca96a887  x86_64/2006.0/RPMS/squid-cachemgr-2.5.STABLE10-10.2.20060mdk.x86_64.rpm
 1a242f5c868a63decda6a14c18de0397  x86_64/2006.0/SRPMS/squid-2.5.STABLE10-10.2.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDX/YhmqjQ0CJFipgRAunuAKC/rhHWaig0Q45jzSWL/mR5HM7IdgCfcGyZ
1TWq5z48L6oDF1pvHOABkOw=
=cZLN
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • MDKSA-2005:195 - Updated squid packages fix vulnerabilities Mandriva Security Team (Oct 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault