
Eridani alert ERISA-2002:027 (squid)

From:  Eridani Star System <linux@eridani.co.uk>
To:  eridani-announce@eridani.co.uk
Subject:  [Eridani-Announce] ERISA-2002:027 - squid
Date:  Thu, 4 Jul 2002 22:38:44 +0100 (BST)

=========================================================================
ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================
Package: squid
Summary: Vulnerabilities in DNS, FTP, MSNT auth and gopher handling
Date:    2002-07-04
ID:      ERISA-2002:027
=========================================================================

Problem description:

Versions of squid prior to 2.4.STABLE6 contain a problem in the code used
to handle compressed DNS replies, in that a malicious DNS server could
cause Squid to crash.

The MSNT auth helper (msnt_auth) contains several buffer overflow
conditions when configured to use denyusers or allowusers access control
files.

Squid's gopher client was also found to contain several buffer overflow
conditions. This made it (in theory at least) possible for a malicious
gopher server to cause Squid to crash.

The FTP data channel handling was found to contain a problem, possibly
allowing abuse of the FTP proxy to bypass firewall rules or inject false
FTP replies.

Several potential buffer overflow conditions were found in the code which
handled FTP directories, potentially allowing an untrusted FTP server to
crash Squid.

-------------------------------------------------------------------------
Updated packages:

1fda002f0f265560660a520c067e0295  squid-2.4.STABLE6-3.src.rpm
0dcdfbcb82885ab3ec82be33e91fc648  squid-2.4.STABLE6-3.i386.rpm

-------------------------------------------------------------------------
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0163

=========================================================================
Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/

Packages are signed with our GNU GPG key, also on our FTP site.

Users of releases of Eridani Linux prior to 6.3 are advised to download
the source RPM and rebuild for their system.

Copyright (C)2002 Eridani Star System

--
Michael "Soruk" McConnell    http://www.eridani.co.uk
Eridani Linux -- The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...
_______________________________________________
Eridani-Announce mailing list
To be removed from this list email linux@eridani.co.uk requesting removal.

