Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Wed, 14 Sep 2011 15:08:53 -0500 Reply-To: Pat RieheckySender: Security Errata for Scientific Linux From: Pat Riehecky Organization: Fermilab Subject: Security ERRATA Moderate: squid on SL6.x i386/x86_64 MIME-Version: 1.0 Synopsis: Moderate: squid security update Issue Date: 2011-09-14 CVE Numbers: CVE-2011-3205 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A buffer overflow flaw was found in the way Squid parsed replies from remote Gopher servers. A remote user allowed to send Gopher requests to a Squid proxy could possibly use this flaw to cause the squid child process to crash or execute arbitrary code with the privileges of the squid user, by making Squid perform a request to an attacker-controlled Gopher server. Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically. SL6: i386 squid-3.1.10-1.el6_1.1.i686.rpm squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm x86_64 squid-3.1.10-1.el6_1.1.x86_64.rpm squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm - Scientific Linux Development Team