Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Scientific Linux: SLSA-2014:1148-1 Important Squid Buffer Overflow Fix

Scientific Large Esm H446
Important: squid security update
Date: Tue, 2 Sep 2014 09:59:43 -0500
Reply-To: Scientific Linux Users 
Sender: Security Errata for Scientific Linux
 
From: Bonnie King 
Subject: FASTBUGS for SL 6x i386, x86_64 now available
Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it.
In-Reply-To: <53FCFBA7.40509@fnal.gov>
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
gstreamer-plugins-bad-free-0.10.19-3.el6_5.i686.rpm
gstreamer-plugins-bad-free-devel-0.10.19-3.el6_5.i686.rpm
gstreamer-plugins-bad-free-devel-docs-0.10.19-3.el6_5.i686.rpm
gstreamer-plugins-bad-free-extras-0.10.19-3.el6_5.i686.rpm
java-1.6.0-openjdk-1.6.0.0-7.1.13.4.el6_5.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-7.1.13.4.el6_5.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-7.1.13.4.el6_5.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-7.1.13.4.el6_5.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-7.1.13.4.el6_5.i686.rpm
kmod-memstick_dup-0.1_rh1-1.el6_5.i686.rpm
kmod-mmc_block_dup-0.1_rh1-1.el6_5.i686.rpm
kmod-mmc_core_dup-0.1_rh1-1.el6_5.i686.rpm
kmod-rtsx_pci-0.1_rh1-1.el6_5.i686.rpm
kmod-rtsx_pci_ms-0.1_rh1-1.el6_5.i686.rpm
kmod-rtsx_pci_sdmmc-0.1_rh1-1.el6_5.i686.rpm
ksh-20120801-10.el6_5.9.i686.rpm
libvirt-0.10.2-29.el6_5.12.i686.rpm
libvirt-client-0.10.2-29.el6_5.12.i686.rpm
libvirt-devel-0.10.2-29.el6_5.12.i686.rpm
libvirt-python-0.10.2-29.el6_5.12.i686.rpm
libvpx-1.3.0-5.el6_5.i686.rpm
libvpx-devel-1.3.0-5.el6_5.i686.rpm
libvpx-utils-1.3.0-5.el6_5.i686.rpm
net-snmp-5.5-49.el6_5.2.i686.rpm
net-snmp-devel-5.5-49.el6_5.2.i686.rpm
net-snmp-libs-5.5-49.el6_5.2.i686.rpm
net-snmp-perl-5.5-49.el6_5.2.i686.rpm
net-snmp-python-5.5-49.el6_5.2.i686.rpm
net-snmp-utils-5.5-49.el6_5.2.i686.rpm
sysstat-9.0.4-20.el6_4.1.i686.rpm
sysstat-9.0.4-22.el6_5.1.i686.rpm

x86_64:
gstreamer-plugins-bad-free-0.10.19-3.el6_5.i686.rpm
gstreamer-plugins-bad-free-0.10.19-3.el6_5.x86_64.rpm
gstreamer-plugins-bad-free-devel-0.10.19-3.el6_5.i686.rpm
gstreamer-plugins-bad-free-devel-0.10.19-3.el6_5.x86_64.rpm
gstreamer-plugins-bad-free-devel-docs-0.10.19-3.el6_5.x86_64.rpm
gstreamer-plugins-bad-free-extras-0.10.19-3.el6_5.i686.rpm
gstreamer-plugins-bad-free-extras-0.10.19-3.el6_5.x86_64.rpm
java-1.6.0-openjdk-1.6.0.0-7.1.13.4.el6_5.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-7.1.13.4.el6_5.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-7.1.13.4.el6_5.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-7.1.13.4.el6_5.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-7.1.13.4.el6_5.x86_64.rpm
kmod-memstick_dup-0.1_rh1-1.el6_5.x86_64.rpm
kmod-mmc_block_dup-0.1_rh1-1.el6_5.x86_64.rpm
kmod-mmc_core_dup-0.1_rh1-1.el6_5.x86_64.rpm
kmod-rtsx_pci-0.1_rh1-1.el6_5.x86_64.rpm
kmod-rtsx_pci_ms-0.1_rh1-1.el6_5.x86_64.rpm
kmod-rtsx_pci_sdmmc-0.1_rh1-1.el6_5.x86_64.rpm
ksh-20120801-10.el6_5.9.x86_64.rpm
libvirt-0.10.2-29.el6_5.12.x86_64.rpm
libvirt-client-0.10.2-29.el6_5.12.i686.rpm
libvirt-client-0.10.2-29.el6_5.12.x86_64.rpm
libvirt-devel-0.10.2-29.el6_5.12.i686.rpm
libvirt-devel-0.10.2-29.el6_5.12.x86_64.rpm
libvirt-lock-sanlock-0.10.2-29.el6_5.12.x86_64.rpm
libvirt-python-0.10.2-29.el6_5.12.x86_64.rpm
libvpx-1.3.0-5.el6_5.i686.rpm
libvpx-1.3.0-5.el6_5.x86_64.rpm
libvpx-devel-1.3.0-5.el6_5.i686.rpm
libvpx-devel-1.3.0-5.el6_5.x86_64.rpm
libvpx-utils-1.3.0-5.el6_5.x86_64.rpm
net-snmp-5.5-49.el6_5.2.x86_64.rpm
net-snmp-devel-5.5-49.el6_5.2.i686.rpm
net-snmp-devel-5.5-49.el6_5.2.x86_64.rpm
net-snmp-libs-5.5-49.el6_5.2.i686.rpm
net-snmp-libs-5.5-49.el6_5.2.x86_64.rpm
net-snmp-perl-5.5-49.el6_5.2.x86_64.rpm
net-snmp-python-5.5-49.el6_5.2.x86_64.rpm
net-snmp-utils-5.5-49.el6_5.2.x86_64.rpm
sysstat-9.0.4-20.el6_4.1.x86_64.rpm
sysstat-9.0.4-22.el6_5.1.x86_64.rpm
Date: Thu, 4 Sep 2014 14:42:22 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: squid on SL5.x, SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: squid security update
Advisory ID: SLSA-2014:1148-1
Issue Date: 2014-09-03
CVE Numbers: CVE-2013-4115
 CVE-2014-3609
--

A flaw was found in the way Squid handled malformed HTTP Range headers. A
remote attacker able to send HTTP requests to the Squid proxy could use
this flaw to crash Squid. (CVE-2014-3609)

A buffer overflow flaw was found in Squid's DNS lookup module. A remote
attacker able to send HTTP requests to the Squid proxy could use this flaw
to crash Squid. (CVE-2013-4115)

After installing this update, the squid service will be restarted
automatically.
--

SL5
 x86_64
 squid-2.6.STABLE21-7.el5_10.x86_64.rpm
 squid-debuginfo-2.6.STABLE21-7.el5_10.x86_64.rpm
 i386
 squid-2.6.STABLE21-7.el5_10.i386.rpm
 squid-debuginfo-2.6.STABLE21-7.el5_10.i386.rpm
SL6
 x86_64
 squid-3.1.10-22.el6_5.x86_64.rpm
 squid-debuginfo-3.1.10-22.el6_5.x86_64.rpm
 i386
 squid-3.1.10-22.el6_5.i686.rpm
 squid-debuginfo-3.1.10-22.el6_5.i686.rpm

- Scientific Linux Development Team