LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for October 3, 2013

Integrity and embedded devices

NUMA scheduling progress

LWN.net Weekly Edition for September 26, 2013

A perf ABI fix

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2013-13468 (squid)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 19 Update: squid-3.2.13-1.fc19 


Date:
    	      Fri, 02 Aug 2013 21:49:28 +0000


Message-ID:
    	      <20130802214928.D898822AC0@bastion01.phx2.fedoraproject.org>


Archive-link:
    	      Article, Thread
              


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-13468
2013-07-24 01:31:32
--------------------------------------------------------------------------------

Name        : squid
Product     : Fedora 19
Version     : 3.2.13
Release     : 1.fc19
URL         : http://www.squid-cache.org
Summary     : The Squid proxy caching server
Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.

--------------------------------------------------------------------------------
Update Information:

This is security update that fixes CVE-2013-4123 and CVE-2013-4115.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 22 2013 Michal Luscon <mluscon@redhat.com> - 7:3.3.8-1
- Update to latest upstream version 3.2.13
- Fixed: CVE-2013-4123
* Fri May  3 2013 Michal Luscon <mluscon@redhat.com> - 7:3.2.11-1
- Update to latest upstream version 3.2.11
* Tue Apr 23 2013 Michal Luscon <mluscon@redhat.com> - 7:3.2.9-3
- Option '-k' is not stated in squidclient man
- Remove pid from service file(#913262)
* Fri Apr 19 2013 Michal Luscon <mluscon@redhat.com> - 7:3.2.9-2
- Enable full RELRO (-Wl,-z,relro -Wl,-z,now)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #984632 - CVE-2013-4123 squid: Denial of service when processing specially-crafted HTTP
requests (SQUID-2013:3)
        https://bugzilla.redhat.com/show_bug.cgi?id=984632
  [ 2 ] Bug #983653 - CVE-2013-4115 squid: DoS (crash) due to a buffer overflow when processing
overly long DNS names
        https://bugzilla.redhat.com/show_bug.cgi?id=983653
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update squid' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds