Fedora: 2,1: squid Buffer overflow vulnerability
Summary
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.
Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.
* Mon Jun 07 2004 Jay Fenlason <fenlason@redhat.com> 7:2.5.STABLE3-4.fc2
- Backport security fix for ntlm auth helper (CAN-2004-0541).
* Thu Apr 08 2004 Jay Fenlason <fenlason@redhat.com> 7:2.5.STABLE5-3
- Fix the -pipe patch to have the correct name of the winbind pipe.
This update can be downloaded from:
b735863f8f52314d1ff9981c85ea56b2 SRPMS/squid-2.5.STABLE5-4.fc2.src.rpm
4d80ef2db40a68a7ba2ecffdec9d3372 i386/squid-2.5.STABLE5-4.fc2.i386.rpm
779417acbbfe0e022bc1525d9faae339 i386/debug/squid-debuginfo-2.5.STABLE5-4.fc2.i386.rpm
c8c1bc2cd95f892ce602e3e38e9e7823 x86_64/squid-2.5.STABLE5-4.fc2.x86_64.rpm
fcb5484591641424a956b23c97614963 x86_64/debug/squid-debuginfo-2.5.STABLE5-4.fc2.x86_64.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
CORE 1:
Fedora Update Notification
FEDORA-2004-163
2004-06-09
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.
Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.
* Mon Jun 07 2004 Jay Fenlason <fenlason@redhat.com>
7:2.5.STABLE3-2.fc1
- Backport patch for CAN-2004-0541: buffer overflow in ntlm auth
helper.
This update can be downloaded from:
ac5bbb825c3ab5223b1b26f162f24c19 SRPMS/squid-2.5.STABLE3-2.fc1.src.rpm
28f6216478b102cbddcf6de38ea8f126 i386/squid-2.5.STABLE3-2.fc1.i386.rpm
c8fb3a9ddc44e0e8d01a092993877ed7 i386/debug/squid-debuginfo-2.5.STABLE3-2.fc1.i386.rpm
e034b4a07c0e00a285f115be6ac63cfa x86_64/squid-2.5.STABLE3-2.fc1.x86_64.rpm
6a4992a5d0244b297ddc9ca44a312541 x86_64/debug/squid-debuginfo-2.5.STABLE3-2.fc1.x86_64.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
CORE 2: (1 below) Fedora Update Notification FEDORA-2004-164 2004-06-09 Product : Fedora Core 2 Name : squid Version : 2.5.STABLE5 Release : 4.fc2 Summary : The Squid proxy caching server. Description : Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. * Mon Jun 07 2004 Jay Fenlason <fenlason@redhat.com> 7:2.5.STABLE3-4.fc2 - Backport security fix for ntlm auth helper (CAN-2004-0541). * Thu Apr 08 2004 Jay Fenlason <fenlason@redhat.com> 7:2.5.STABLE5-3 - Fix the -pipe patch to have the correct name of the winbind pipe. This update can be downloaded from: b735863f8f52314d1ff9981c85ea56b2 SRPMS/squid-2.5.STABLE5-4.fc2.src.rpm 4d80ef2db40a68a7ba2ecffdec9d3372 i386/squid-2.5.STABLE5-4.fc2.i386.rpm 779417acbbfe0e022bc1525d9faae339 i386/debug/squid-debuginfo-2.5.STABLE5-4.fc2.i386.rpm c8c1bc2cd95f892ce602e3e38e9e7823 x86_64/squid-2.5.STABLE5-4.fc2.x86_64.rpm fcb5484591641424a956b23c97614963 x86_64/debug/squid-debuginfo-2.5.STABLE5-4.fc2.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- CORE 1: Fedora Update Notification FEDORA-2004-163 2004-06-09 Product : Fedora Core 1 Name : squid Version : 2.5.STABLE3 Release : 2.fc1 Summary : The Squid proxy caching server. Description : Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. * Mon Jun 07 2004 Jay Fenlason <fenlason@redhat.com> 7:2.5.STABLE3-2.fc1 - Backport patch for CAN-2004-0541: buffer overflow in ntlm auth helper. This update can be downloaded from: ac5bbb825c3ab5223b1b26f162f24c19 SRPMS/squid-2.5.STABLE3-2.fc1.src.rpm 28f6216478b102cbddcf6de38ea8f126 i386/squid-2.5.STABLE3-2.fc1.i386.rpm c8fb3a9ddc44e0e8d01a092993877ed7 i386/debug/squid-debuginfo-2.5.STABLE3-2.fc1.i386.rpm e034b4a07c0e00a285f115be6ac63cfa x86_64/squid-2.5.STABLE3-2.fc1.x86_64.rpm 6a4992a5d0244b297ddc9ca44a312541 x86_64/debug/squid-debuginfo-2.5.STABLE3-2.fc1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
Change Log
References
Update Instructions
