Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 10 FEDORA-2009-8327 Critical: Squid Denial of Service Fix

fedora
Calendar Grey August 17, 2009
Dist Fedora Esm H88
Numerous vulnerabilities addressed in the Fedora 10 Apache release. Crucial details for ensuring your service reliability.
Fixes several denial of service issues which could allow an attacker to stop the Squid service

Summary

Squid is a high-performance proxy caching server for Web clients,

supporting FTP, gopher, and HTTP data objects. Unlike traditional

caching software, Squid handles all requests in a single,

non-blocking, I/O-driven process. Squid keeps meta data and especially

hot objects cached in RAM, caches DNS lookups, supports non-blocking

DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System

lookup program (dnsserver), a program for retrieving FTP data

(ftpget), and some management and client tools.

Update Information:

Fixes several denial of service issues which could allow an attacker to stop the Squid service. CVE-2009-2621, CVE-2009-2622

Topics%20covered

Topics Covered

security advisory denial of service critical Fedora security fix Squid

Change Log

* Tue Aug 4 2009 Henrik Nordstrom - 7:3.0.STABLE18-1 - Update to 3.0.STABLE18 * Sat Aug 1 2009 Henrik Nordstrom - 7:3.0.STABLE17-3 - Squid Bug #2728: regression: assertion failed: http.cc:705: "!eof" * Mon Jul 27 2009 Henrik Nordstrom - 7:3.0.STABLE17-1 - Bug #514014, update to 3.0.STABLE17 fixing the denial of service issues mentioned in Squid security advisory SQUID-2009_2. * Mon Jul 13 2009 Henrik Nordstrom - 7:3.0.STABLE16-2 - Upgrade to latest upstream * Sat May 23 2009 Henrik Nordstrom - 7:3.0.STABLE15-2 - Upgrade to 3.0.STABLE15 - Bug #453304 - Squid requires restart after Network Manager connection setup * Mon Apr 20 2009 Henrik Nordstrom - 7:3.0.STABLE14-1 - upgrade to latest upstream * Thu Feb 5 2009 Jonathan Steffan - 7:3.0.STABLE13-1 - upgrade to latest upstream * Thu Jan 29 2009 Henrik Nordstrom - 7:3.0.STABLE12-1 - upgrade to latest upstream * Fri Dec 19 2008 Henrik Nordstrom - 7:3.0.STABLE10-3 - actually include the upstream bugfixes in the build * Fri Dec 19 2008 Henrik Nordstrom - 7:3.0.STABLE10-2

References


[ 1 ] Bug #514013 - CVE-2009-2621, CVE-2009-2622 squid: multiple vulnerabilities fixed in squid 3.0.STABLE17 https://bugzilla.redhat.com/show_bug.cgi?id=514013

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update squid' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: squid
Product: Fedora 10
Version: 3.0.STABLE18
Release: 1.fc10
URL: http://www.squid-cache.org
Summary: The Squid proxy caching server

Topics%20covered

Topics Covered

security advisory denial of service critical Fedora security fix Squid

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here