Updated squid packages fix DoS vulnerability

[mystified]

Package name squid

Date September 15th, 2004

Advisory ID MDKSA-2004:093

Affected versions 9.2, 10.0

Synopsis Updated squid packages fix DoS vulnerability

 

 

Problem Description

 

A vulnerability in the NTLM helpers in squid 2.5 could allow for malformed NTLMSSP packets to crash squid, resulting in a DoS. The provided packages have been patched to prevent this problem.

 

 

Updated Packages

 

 

Mandrakelinux 9.2

 

ad5b562c41b764f1807bcfa4203b7f22 9.2/RPMS/squid-2.5.STABLE3-3.3.92mdk.i586.rpm

72d8e8215f7da363d28883f4a4a6d13b 9.2/SRPMS/squid-2.5.STABLE3-3.3.92mdk.src.rpm

 

Mandrakelinux 9.2/AMD64

 

ef8de99bad97ad623f584fcf4eaa3962 amd64/9.2/RPMS/squid-2.5.STABLE3-3.3.92mdk.amd64.rpm

72d8e8215f7da363d28883f4a4a6d13b amd64/9.2/SRPMS/squid-2.5.STABLE3-3.3.92mdk.src.rpm

 

Mandrakelinux 10.0

 

a97e24902f95afb896e1387124be81cd 10.0/RPMS/squid-2.5.STABLE4-2.1.100mdk.i586.rpm

92bc96caf7e5ccaed6250833b8c4dcdc 10.0/SRPMS/squid-2.5.STABLE4-2.1.100mdk.src.rpm

 

Mandrakelinux 10.0/AMD64

 

48a9ee3a6e7b427240fc35a04b569b06 amd64/10.0/RPMS/squid-2.5.STABLE4-2.1.100mdk.amd64.rpm

92bc96caf7e5ccaed6250833b8c4dcdc amd64/10.0/SRPMS/squid-2.5.STABLE4-2.1.100mdk.src.rpm

 

References

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0832

http://www.squid-cache.org/bugs/show_bug.cgi?id=1045

 

 

Upgrade

 

 

To upgrade automatically, use MandrakeUpdate.

 

Verification

 

 

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

 

rpm --checksig package.rpm

 

 

You can get the GPG public key of the Mandrakelinux Security Team to verify the GPG signature of each RPM.

 

If you use MandrakeUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.