-------- Original Message -------- Subject: [SECURITY] Updated squid package fixes a security vulnerability Date: Thu, 15 Apr 2004 14:33:56 -0400 From: Jay Fenlason <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED]
--------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-104 2004-04-15 ---------------------------------------------------------------------
Name : squid Version : 2.5.STABLE3 Release : 1.fc1 Summary : The Squid proxy caching server. Description : Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests.
Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.
--------------------------------------------------------------------- Update Information:
--------------------------------------------------------------------- * Tue Mar 09 2004 Jay Fenlason <[EMAIL PROTECTED]> 7:2.5.STABLE3-1.fc1
- Backport security fix for %00 hole. See CAN-2004-0189:
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows
remote attackers to bypass url_regex ACLs via a URL with a NULL
("%00") characterm, which causes Squid to use only a portion of the
requested URL when comparing it against the access control lists.
- Backport security fix that adds urllogin acl type that can be used to
protect vulnerable Microsoft Internet Explorer clients.
--------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
5b3bd9a972398edcacf4801ddc5718a2 SRPMS/squid-2.5.STABLE3-1.fc1.src.rpm
c48dccb3751ed519ac1189c8183540b7 i386/squid-2.5.STABLE3-1.fc1.i386.rpm
9a6eb17ff52b70020252026bb77b9279 i386/debug/squid-debuginfo-2.5.STABLE3-1.fc1.i386.rpm
6754ae8a0898506e7488975f9bb43cca x86_64/squid-2.5.STABLE3-1.fc1.x86_64.rpm
617e9faefdfc4a3fa1c9018e0ac7787f x86_64/debug/squid-debuginfo-2.5.STABLE3-1.fc1.x86_64.rpm
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. ---------------------------------------------------------------------
-- fedora-announce-list mailing list [EMAIL PROTECTED] http://www.redhat.com/mailman/listinfo/fedora-announce-list
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
