LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for June 20, 2013

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Scientific Linux alert SL-squi-20111206 (squid)



From:
    	      riehecky@fnal.gov 


To:
    	      scientific-linux-errata@fnal.gov 


Subject:
    	      Security ERRATA Moderate: squid on SL6.x i386/x86_64 


Date:
    	      Thu, 8 Dec 2011 17:07:21 -0600


Message-ID:
    	      <201112082307.pB8N7Lnq030000@fefmon2.fnal.gov>


Archive-link:
    	      Article, Thread
              


Synopsis:    Moderate: squid security update
Issue Date:  2011-12-06
CVE Numbers: CVE-2011-4096


Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects. 

An input validation flaw was found in the way Squid calculated the total
number of resource records in the answer section of multiple name server
responses. An attacker could use this flaw to cause Squid to crash. 
(CVE-2011-4096)

Users of squid should upgrade to this updated package, which contains a
backported patch to correct this issue. After installing this update, the
squid service will be restarted automatically.

SL6:
  i386
     squid-3.1.10-1.el6_2.1.i686.rpm
     squid-debuginfo-3.1.10-1.el6_2.1.i686.rpm
  x86_64
     squid-3.1.10-1.el6_2.1.x86_64.rpm
     squid-debuginfo-3.1.10-1.el6_2.1.x86_64.rpm

- Scientific Linux Development Team
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds