LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Multiple vulnerabilities fixed in Squid-2.4.STABLE7

Package(s):squid CVE #(s):
Created:July 8, 2002 Updated:November 15, 2002
Description: Here is the security advisory for the Squid proxy server reporting several vulnerabilities in versions up to and including 2.4.STABLE7. Several of the bugs are believed to allow remote code execution.

The security advisory lists the following changes:

  • Several bugfixes and cleanup of the Gopher client, both to correct some security issues and to make Squid properly render certain Gopher menus.
  • Security fixes in how Squid parses FTP directory listings into HTML
  • FTP data channels are now sanity checked to match the address of the requested FTP server. This to prevent theft or injection of data. See the new ftp_sanitycheck directive if this sanity check is not desired.
  • The MSNT auth helper has been updated to v2.0.3+fixes for buffer overflow security issues found in this helper.
  • A security issue in how Squid forwards proxy authentication credentials has been fixed
Alerts:
SCO Group CSSA-2002-046.0 2002-11-14
Eridani ERISA-2002:031 2002-07-26
Mandrake MDKSA-2002:044 2002-07-17
Trustix 2002-0062 2002-07-15
SuSE SuSE-SA:2002:025 2002-07-09
Conectiva CLA-2002:506 2002-07-05
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds