Fedora Update Notification
FEDORA-2004-104
2004-04-15
---------------------------------------------------------------------

Name        : squid
Version     : 2.5.STABLE3                      
Release     : 1.fc1                  
Summary     : The Squid proxy caching server.
Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.

---------------------------------------------------------------------
Update Information:

---------------------------------------------------------------------
* Tue Mar 09 2004 Jay Fenlason <fenlason@redhat.com> 7:2.5.STABLE3-1.fc1

- Backport security fix for %00 hole.  See CAN-2004-0189:             
    The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows
    remote attackers to bypass url_regex ACLs via a URL with a NULL       
    ("%00") character, which causes Squid to use only a portion of the
    requested URL when comparing it against the access control lists.  
- Backport security fix that adds urllogin acl type that can be used to
  protect vulnerable Microsoft Internet Explorer clients.


---------------------------------------------------------------------
This update can be downloaded from:
    

5b3bd9a972398edcacf4801ddc5718a2  SRPMS/squid-2.5.STABLE3-1.fc1.src.rpm
c48dccb3751ed519ac1189c8183540b7  i386/squid-2.5.STABLE3-1.fc1.i386.rpm
9a6eb17ff52b70020252026bb77b9279  i386/debug/squid-debuginfo-2.5.STABLE3-1.fc1.i386.rpm
6754ae8a0898506e7488975f9bb43cca  x86_64/squid-2.5.STABLE3-1.fc1.x86_64.rpm
617e9faefdfc4a3fa1c9018e0ac7787f  x86_64/debug/squid-debuginfo-2.5.STABLE3-1.fc1.x86_64.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------


--
fedora-announce-list mailing list
fedora-announce-list@redhat.com 
fedora-announce-list Info Page

Fedora: squid 2.5 ACL escape vulnerability

April 15, 2004
This is a backport of an older patch which prevented crafted URLs from being able to ignore Squid's ACLs.
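
The truncation described in CAN-2004-0189, shown as an added example that is not Squid's code or the Fedora patch: a simplified percent-decoder with a substring match standing in for a url_regex rule, beside a stricter variant that refuses URLs containing "%00". All function names, the host and the pattern are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Flawed decoder: turns every "%xx" into a byte in place, "%00" included,
 * so the decoded C string can end before the requested URL does. */
static void unescape_naive(char *s)
{
    char *out = s;
    for (; *s; s++) {
        if (*s == '%' && isxdigit((unsigned char)s[1]) && isxdigit((unsigned char)s[2])) {
            char hex[3] = { s[1], s[2], '\0' };
            *out++ = (char)strtol(hex, NULL, 16);
            s += 2;
        } else {
            *out++ = *s;
        }
    }
    *out = '\0';
}

/* Hardened variant (assumed mitigation): reject any URL carrying "%00". */
static int unescape_strict(char *s)
{
    if (strstr(s, "%00") != NULL)
        return -1;
    unescape_naive(s);
    return 0;
}

/* Stand-in for a url_regex deny rule: substring match on the decoded URL.
 * Returns 1 when the request is denied, 0 when it is allowed. */
static int request_denied(const char *url, const char *pattern, int strict)
{
    char buf[256];
    snprintf(buf, sizeof buf, "%s", url);
    if (strict && unescape_strict(buf) != 0)
        return 1;   /* encoded NUL: refuse instead of matching a prefix */
    if (!strict)
        unescape_naive(buf);
    return strstr(buf, pattern) != NULL;
}

int main(void)
{
    const char *url = "http://host.example/a%00/blocked/page"; /* constructed sample */
    printf("naive=%d strict=%d\n", request_denied(url, "blocked", 0), request_denied(url, "blocked", 1));
    return 0;
}
```

With the naive decoder the deny rule only sees the text before the decoded NUL, so the request is allowed; the strict path denies it.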
