User: Password:
Subscribe / Log in / New account

Turbolinux alert TLSA2002003 (squid)

From:	 Turbolinux <>
Subject: [TL-Security-Announce] squid-2.4.STABLE2-3 TLSA2002003
Date:	 Thu, 24 Jan 2002 18:32:58 -0800


                        Turbolinux Security Announcement

        Package : squid
        Vulnerable Packages: All versions previous to 2.4.STABLE2-2
        Date: Thu Jan 24 18:32:20 PST 2002

        Affected Turbolinux versions:TL 6.x,
                                     All Turbolinux versions
                                     2.4.STABLE2-1 and earlier

        Turbolinux Advisory ID#:  TLSA2002003

   Credits: Vladimir Ivaschenko

A security hole was discovered in the package mentioned above.
Please update the package in your installation as soon as possible.

1. Problem Summary

   Squid has a flaw in the code to handle FTP PUT commands: when a mkdir-only
   request was done squid would detect an internal error and exit.
   Squid script cannot use the restart command. Because when stop command 
   isn't finished, start command is started.

2. Impact


3. Solution

  Update the package from our ftp server by running the following command:

  rpm -Uvh<rpm>

  Where <rpm> is the following:


  The source RPM can be downloaded here: squid-2.4.STABLE2-3.src.rpm

  **Note: You must rebuild and install the RPM if you choose to download
  and install the SRPM.  Simply installing the SRPM alone WILL NOT CLOSE

 Please verify the MD5 checksums of the updates before you install:

  MD5 sum                               Package Name
8d163dfdb90a42c46a5c169b2dc0d4f4  squid-2.4.STABLE2-3.i386.rpm
c7ee0677b88db07507fbde69b696bec1  squid-2.4.STABLE2-3.src.rpm

These packages are GPG signed by Turbolinux for security. Our key
is available here:

To verify a package, use the following command:

 rpm --checksig name_of_rpm

To examine only the md5sum, use the following command:

 rpm --checksig --nogpg name_of_rpm

**Note: Checking GPG keys requires RPM 3.0 or higher.

You can find more updates on our ftp server: for TL6.0 Workstation
   and Server security updates for TL7.0 Workstation
   and Server security updates

Our webpage for security announcements:

If you want to report vulnerabilities, please contact:

Subscribe to the Turbolinux Security Mailing lists:

  TL-security - A moderated list for discussing security issues
                Turbolinux products.
  Subscribe at

  TL-security-announce - An announce-only mailing list for security updates
  and alerts.
  Subscribe at:

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds