mystified Posted September 16, 2004 Report Share Posted September 16, 2004 Package name squid Date September 15th, 2004 Advisory ID MDKSA-2004:093 Affected versions 9.2, 10.0 Synopsis Updated squid packages fix DoS vulnerability Problem Description A vulnerability in the NTLM helpers in squid 2.5 could allow for malformed NTLMSSP packets to crash squid, resulting in a DoS. The provided packages have been patched to prevent this problem. Updated Packages Mandrakelinux 9.2 ad5b562c41b764f1807bcfa4203b7f22 9.2/RPMS/squid-2.5.STABLE3-3.3.92mdk.i586.rpm 72d8e8215f7da363d28883f4a4a6d13b 9.2/SRPMS/squid-2.5.STABLE3-3.3.92mdk.src.rpm Mandrakelinux 9.2/AMD64 ef8de99bad97ad623f584fcf4eaa3962 amd64/9.2/RPMS/squid-2.5.STABLE3-3.3.92mdk.amd64.rpm 72d8e8215f7da363d28883f4a4a6d13b amd64/9.2/SRPMS/squid-2.5.STABLE3-3.3.92mdk.src.rpm Mandrakelinux 10.0 a97e24902f95afb896e1387124be81cd 10.0/RPMS/squid-2.5.STABLE4-2.1.100mdk.i586.rpm 92bc96caf7e5ccaed6250833b8c4dcdc 10.0/SRPMS/squid-2.5.STABLE4-2.1.100mdk.src.rpm Mandrakelinux 10.0/AMD64 48a9ee3a6e7b427240fc35a04b569b06 amd64/10.0/RPMS/squid-2.5.STABLE4-2.1.100mdk.amd64.rpm 92bc96caf7e5ccaed6250833b8c4dcdc amd64/10.0/SRPMS/squid-2.5.STABLE4-2.1.100mdk.src.rpm References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0832 http://www.squid-cache.org/bugs/show_bug.cgi?id=1045 Upgrade To upgrade automatically, use MandrakeUpdate. Verification Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command: rpm --checksig package.rpm You can get the GPG public key of the Mandrakelinux Security Team to verify the GPG signature of each RPM. If you use MandrakeUpdate, the verification of md5 checksum and GPG signature is performed automatically for you. Link to comment Share on other sites More sharing options...
Recommended Posts