First published: Tue Mar 30 2010
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

A flaw was found in the way Squid processed certain external ACL helper HTTP header fields that contained a delimiter that was not a comma. A remote attacker could issue a crafted request to the Squid server, causing excessive CPU use (up to 100%). (CVE-2009-2855)

Note: The CVE-2009-2855 issue only affected non-default configurations that use an external ACL helper script.

A flaw was found in the way Squid handled truncated DNS replies. A remote attacker able to send specially-crafted UDP packets to Squid's DNS client port could trigger an assertion failure in Squid's child process, causing that child process to exit. (CVE-2010-0308)

This update also fixes the following bugs:

* Squid's init script returns a non-zero value when trying to stop a stopped service. This is not LSB compliant and can generate difficulties in cluster environments. This update makes stopping LSB compliant. (BZ#521926)
* Squid is not currently built to support MAC address filtering in ACLs. This update includes support for MAC address filtering. (BZ#496170)
* Squid is not currently built to support Kerberos negotiate authentication. This update enables Kerberos authentication. (BZ#516245)
* Squid does not include the port number as part of URIs it constructs when configured as an accelerator. This results in a 403 error. This update corrects this behavior. (BZ#538738)
* The error_map feature does not work if the same handling is set also on the HTTP server that operates in deflate mode. This update fixes this issue. (BZ#470843)

All users of squid should upgrade to this updated package, which resolves these issues. After installing this update, the squid service will be restarted automatically.
Affected Software | Affected Version | How to fix
---|---|---
redhat/squid | <2.6.STABLE21-6.el5 | 2.6.STABLE21-6.el5
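As an added example (not part of the advisory and not Red Hat's or Squid's own tooling), the following script answers the two questions a defender has about this advisory: is the installed squid package older than the fixed build in the table, and does the configuration define the external ACL helper that the note ties CVE-2009-2855 to. The version comparison is a simplified reimplementation of RPM's segment comparison rules (assumption: no tilde or caret segments appear in these version strings); `external_acl_type` is Squid's directive for defining such a helper; the squid.conf excerpts and the helper path in them are constructed for this example.

```python
import re

# Fixed package VERSION-RELEASE from the advisory's table
FIXED_VR = "2.6.STABLE21-6.el5"


def _segments(s):
    """Split a version string into RPM-style segments: runs of digits or
    letters; separators such as '.' and '-' are dropped."""
    return re.findall(r"[0-9]+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Compare two version strings with RPM's segment rules.

    Returns -1 if a < b, 0 if equal, 1 if a > b. Simplified reimplementation
    for illustration (no tilde/caret handling), not RPM's own code.
    """
    if a == b:
        return 0
    seg_a, seg_b = _segments(a), _segments(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x_num != y_num:
            # A numeric segment is always newer than an alphabetic one
            return 1 if x_num else -1
        elif x != y:
            return -1 if x < y else 1
    # Common segments equal: whichever string has segments left over wins
    if len(seg_a) == len(seg_b):
        return 0
    return -1 if len(seg_a) < len(seg_b) else 1


def split_vr(vr):
    """Split 'VERSION-RELEASE' at the last dash."""
    version, _, release = vr.rpartition("-")
    return version, release


def is_vulnerable_version(installed_vr, fixed_vr=FIXED_VR):
    """True when the installed squid VERSION-RELEASE is older than the fix."""
    iv, ir = split_vr(installed_vr)
    fv, fr = split_vr(fixed_vr)
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) < 0


def uses_external_acl(conf_text):
    """True if squid.conf defines an external_acl_type helper. Per the
    advisory note, only such configurations are exposed to CVE-2009-2855."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("external_acl_type"):
            return True
    return False


def assess(installed_vr, conf_text):
    """Summarise exposure to both CVEs fixed by this advisory."""
    old = is_vulnerable_version(installed_vr)
    return {
        "needs_update": old,
        # DNS-reply flaw affects every unpatched build
        "cve_2010_0308": old,
        # Header-parsing flaw additionally needs an external ACL helper
        "cve_2009_2855": old and uses_external_acl(conf_text),
    }


# Constructed squid.conf excerpts for this example (helper path is illustrative)
CONF_DEFAULT = """\
http_port 3128
# external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group
acl localnet src 10.0.0.0/8
"""

CONF_WITH_HELPER = """\
http_port 3128
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group
acl ad_users external ldap_group proxyusers
"""

if __name__ == "__main__":
    for vr in ("2.6.STABLE21-3.el5", "2.6.STABLE21-6.el5", "2.6.STABLE6-5.el5"):
        print(vr, assess(vr, CONF_WITH_HELPER))
```

On a real host, pass `assess()` the string printed by `rpm -q --qf '%{VERSION}-%{RELEASE}\n' squid` and the contents of /etc/squid/squid.conf; a build at or above 2.6.STABLE21-6.el5 clears both flags, while an older build with a commented-out helper still needs the update for CVE-2010-0308.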
The severity of RHSA-2010:0221 is rated Important because both flaws can be triggered remotely to cause a denial of service: excessive CPU use (CVE-2009-2855) or the exit of a Squid child process after an assertion failure (CVE-2010-0308).
To fix RHSA-2010:0221, upgrade the Squid package to version 2.6.STABLE21-6.el5 or later.
Affected versions of Squid include all versions prior to 2.6.STABLE21-6.el5.
Yes. Both flaws fixed by RHSA-2010:0221 are remotely triggerable: CVE-2009-2855 by a crafted HTTP request to a Squid server configured with an external ACL helper, and CVE-2010-0308 by specially crafted UDP packets sent to Squid's DNS client port.
RHSA-2010:0221 addresses two denial-of-service flaws in Squid: the processing of external ACL helper HTTP header fields whose delimiter is not a comma (CVE-2009-2855) and the handling of truncated DNS replies (CVE-2010-0308).