Low: squid security and bug fix update

Date: Wed, 1 Jun 2011 11:11:44 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Low: squid on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Low: squid security and bug fix update
Issue Date: 2011-05-19
CVE Numbers: CVE-2010-3072

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

It was found that string comparison functions in Squid did not properly handle the comparisons of NULL and empty strings. A remote, trusted web client could use this flaw to cause the squid daemon to crash via a specially-crafted request. (CVE-2010-3072)

This update also fixes the following bugs:

* A small memory leak in Squid caused multiple "ctx: enter level" messages to be logged to "/var/log/squid/cache.log". This update resolves the memory leak. (BZ#666533)

* This erratum upgrades Squid to upstream version 3.1.10. This upgraded version supports the Google Instant service and introduces various code improvements. (BZ#639365)

Users of squid should upgrade to this updated package, which resolves these issues. After installing this update, the squid service will be restarted automatically.

SL6:
  x86_64
    squid-3.1.10-1.el6.x86_64.rpm
    squid-debuginfo-3.1.10-1.el6.x86_64.rpm
  i386
    squid-3.1.10-1.el6.i686.rpm
    squid-debuginfo-3.1.10-1.el6.i686.rpm

- Scientific Linux Development Team

The latest patch for Squid resolves minor vulnerabilities in Scientific Linux that may result in service interruptions and potential memory overflow.

LinuxSecurity.com Team
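
The class of bug the advisory describes for CVE-2010-3072, a comparison routine that does not account for NULL or empty operands, shown as an added illustration. This is not Squid's code and does not come from the advisory; the cstr type, the function names and the rule that NULL compares equal to the empty string are assumptions of the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical counted string: buf may be NULL when nothing was ever stored. */
typedef struct { const char *buf; size_t len; } cstr;

static int is_nil(const cstr *s)
{
    return s == NULL || s->buf == NULL || s->len == 0;
}

/* Unsafe pattern, shown for contrast and never called here: buf goes straight
 * to strcmp(), so a NULL buf on either side is dereferenced and the process
 * crashes. */
int cstr_cmp_unsafe(const cstr *a, const cstr *b)
{
    return strcmp(a->buf, b->buf);
}

/* Hardened: settle every NULL/empty combination before touching memory.
 * Assumption of this example: NULL and "" compare equal, and both sort
 * before any non-empty string. Returns -1, 0 or 1. */
int cstr_cmp(const cstr *a, const cstr *b)
{
    int a_nil = is_nil(a), b_nil = is_nil(b);
    if (a_nil || b_nil)
        return b_nil - a_nil;   /* both nil: 0, only a nil: -1, only b nil: 1 */

    size_t n = a->len < b->len ? a->len : b->len;
    int r = memcmp(a->buf, b->buf, n);
    if (r != 0)
        return r < 0 ? -1 : 1;
    return (a->len > b->len) - (a->len < b->len);   /* shorter prefix sorts first */
}

int main(void)
{
    /* Constructed sample values. */
    cstr unset = { NULL, 0 }, blank = { "", 0 }, host = { "example", 7 };
    printf("unset vs blank: %d\n", cstr_cmp(&unset, &blank));
    printf("unset vs host:  %d\n", cstr_cmp(&unset, &host));
    printf("host  vs blank: %d\n", cstr_cmp(&host, &blank));
    return 0;
}
```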