Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
Fedora Core: Updated squid package fixes a security vulnerability
Posted by Philipp Esselbach on: 04/15/2004 03:47 PM [ Print | 0 comment(s) ]
An updated squid package has been released for Fedora Core
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-104
2004-04-15
---------------------------------------------------------------------
Name : squid
Version : 2.5.STABLE3
Release : 1.fc1
Summary : The Squid proxy caching server.
Description :
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests.
Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-104
2004-04-15
---------------------------------------------------------------------
Name : squid
Version : 2.5.STABLE3
Release : 1.fc1
Summary : The Squid proxy caching server.
Description :
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests.
Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.
---------------------------------------------------------------------
* Tue Mar 09 2004 Jay Fenlason fenlason@redhat.com 7:2.5.STABLE3-1.fc1
- Backport security fix for %00 hole. See CAN-2004-0189:
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows
remote attackers to bypass url_regex ACLs via a URL with a NULL
("%00") characterm, which causes Squid to use only a portion of the
requested URL when comparing it against the access control lists.
- Backport security fix that adds urllogin acl type that can be used to
protect vulnerable Microsoft Internet Explorer clients.
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
5b3bd9a972398edcacf4801ddc5718a2 SRPMS/squid-2.5.STABLE3-1.fc1.src.rpm
c48dccb3751ed519ac1189c8183540b7 i386/squid-2.5.STABLE3-1.fc1.i386.rpm
9a6eb17ff52b70020252026bb77b9279 i386/debug/squid-debuginfo-2.5.STABLE3-1.fc1.i386.rpm
6754ae8a0898506e7488975f9bb43cca x86_64/squid-2.5.STABLE3-1.fc1.x86_64.rpm
617e9faefdfc4a3fa1c9018e0ac7787f x86_64/debug/squid-debuginfo-2.5.STABLE3-1.fc1.x86_64.rpm
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
* Tue Mar 09 2004 Jay Fenlason fenlason@redhat.com 7:2.5.STABLE3-1.fc1
- Backport security fix for %00 hole. See CAN-2004-0189:
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows
remote attackers to bypass url_regex ACLs via a URL with a NULL
("%00") characterm, which causes Squid to use only a portion of the
requested URL when comparing it against the access control lists.
- Backport security fix that adds urllogin acl type that can be used to
protect vulnerable Microsoft Internet Explorer clients.
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
5b3bd9a972398edcacf4801ddc5718a2 SRPMS/squid-2.5.STABLE3-1.fc1.src.rpm
c48dccb3751ed519ac1189c8183540b7 i386/squid-2.5.STABLE3-1.fc1.i386.rpm
9a6eb17ff52b70020252026bb77b9279 i386/debug/squid-debuginfo-2.5.STABLE3-1.fc1.i386.rpm
6754ae8a0898506e7488975f9bb43cca x86_64/squid-2.5.STABLE3-1.fc1.x86_64.rpm
617e9faefdfc4a3fa1c9018e0ac7787f x86_64/debug/squid-debuginfo-2.5.STABLE3-1.fc1.x86_64.rpm
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
Related Threads
09/29/2007 09:59 AM: Dual booting Fedora Core 5 with Windows XP Pro? (5) by danleff
05/19/2007 11:37 PM: Windows 200/fedora core 6 dual boot problems (2) by nissanracer007
09/25/2006 10:38 PM: need driver for dlink g510 for fedora core 4 (5) by danleff
08/21/2006 10:47 PM: New, Need some help with Fedora Core 5 (1) by danleff
08/06/2006 09:03 PM: Help setting up a wireless USB Linksys card on Fedora Core 5 (1) by danleff
07/20/2006 11:01 PM: More Dual Booting Issues with Fedora Core 5 and Xp (3) by bergyman
07/09/2006 04:42 AM: Fedora Core 5 install w/ 2 hard drives (4) by atagar
05/25/2006 05:03 AM: Trying to install Fedora Core 5 on a Tyan Tiger 200T mo/bo (1) by danleff
05/31/2006 05:51 PM: Installing LAMP on Fedora Core 4 (5) by danleff
05/20/2006 05:45 AM: grub reports error 17 in fedora core 4/win98 (1) by danleff
05/19/2007 11:37 PM: Windows 200/fedora core 6 dual boot problems (2) by nissanracer007
09/25/2006 10:38 PM: need driver for dlink g510 for fedora core 4 (5) by danleff
08/21/2006 10:47 PM: New, Need some help with Fedora Core 5 (1) by danleff
08/06/2006 09:03 PM: Help setting up a wireless USB Linksys card on Fedora Core 5 (1) by danleff
07/20/2006 11:01 PM: More Dual Booting Issues with Fedora Core 5 and Xp (3) by bergyman
07/09/2006 04:42 AM: Fedora Core 5 install w/ 2 hard drives (4) by atagar
05/25/2006 05:03 AM: Trying to install Fedora Core 5 on a Tyan Tiger 200T mo/bo (1) by danleff
05/31/2006 05:51 PM: Installing LAMP on Fedora Core 4 (5) by danleff
05/20/2006 05:45 AM: grub reports error 17 in fedora core 4/win98 (1) by danleff