Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Red Hat: RHSA-2005:489-01 Low: Squid Access Control Issue

red hat
Calendar Grey June 13, 2005
Dist Redhat Esm H88
A new Squid package has been released containing minor severity patches addressing DNS spoofing vulnerabilities and access control concerns for Red Hat systems.
An updated squid package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

125007 - insecure permissions for squid.conf 151423 - CAN-2005-0718 Segmentation fault on failed PUT/POST request 153960 - It fails in the unpacking of squid-2.4.STABLE7-1.21as.5.src.rpm 156161 - CVE-1999-0710 cachemgr.cgi access control bypass 157455 - CAN-2005-1519 DNS lookups unreliable on untrusted networks


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: 94a0e2ba3779a229af1d161555341cc2 squid-2.4.STABLE7-1.21as.8.src.rpm

i386: 08c0d416b59e426120c9f7932e974f9d squid-2.4.STABLE7-1.21as.8.i386.rpm

ia64: 9e15091928dd05b3f8dcf9f2285bd608 squid-2.4.STABLE7-1.21as.8.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: 94a0e2ba3779a229af1d161555341cc2 squid-2.4.STABLE7-1.21as.8.src.rpm

ia64: 9e15091928dd05b3f8dcf9f2285bd608 squid-2.4.STABLE7-1.21as.8.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: 94a0e2ba3779a229af1d161555341cc2 squid-2.4.STABLE7-1.21as.8.src.rpm

i386: 08c0d416b59e426120c9f7932e974f9d squid-2.4.STABLE7-1.21as.8.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

Summary

References

https://www.cve.org/CVERecord?id=CVE-1999-0710 https://www.cve.org/CVERecord?id=CAN-2005-0718 https://www.cve.org/CVERecord?id=CAN-2005-1519

Package List


Severity
low
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2005:489-01
Issue date: 2005-06-13
Updated on: 2005-06-13
Product: Red Hat Enterprise Linux

Topic

Relevant Releases Architectures

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64

Red Hat Linux Advanced Workstation 2.1 - ia64

Red Hat Enterprise Linux ES version 2.1 - i386

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here