RHBA-2014:1446 - Bug Fix Advisory

Topic

Updated squid packages that fix several bugs are now available for Red Hat
Enterprise Linux 6.

Description

Squid is a high-performance proxy caching server for web clients, supporting
FTP, Gopher, and HTTP data objects.

This update fixes the following bugs:

• Prior to this update, the /etc/init.d/squid initialization script did not

describe the condrestart option, and therefore it did not appear in the Usage
message. This bug has been fixed, and condrestart is now displayed correctly in
the Usage message. (BZ#876980)

• Under certain circumstances, the comm_write() function of the squid utility

attempted to write to file descriptors that were being closed. Consequently, the
squid utility was aborted. With this update, a patch that handles the write
attempt has been introduced. As a result, squid is no longer aborted in the
aforementioned scenario. (BZ#998809)

• Due to a bug in the default /etc/httpd/conf.d/squid.conf configuration file,

the squid utility was not allowed to access the CacheManager tool at
http://localhost/Squid/cgi-bin/cachemgr.cgi. The bug has been fixed, and squid
can now access CacheManager without complications. (BZ#1011952)

• Under certain circumstances, the squid utility leaked Domain Name System (DNS)

queries. Consequently, squid often reached the limit of maximum locks set to
65,535 and terminated unexpectedly. With this update, several changes have been
made to prevent leaked queries. Also, the lock limit has been increased to the
maximum value of the integer data type. (BZ#1034616)

• Previously, after receiving a malformed Domain Name System (DNS) response, the

squid utility terminated unexpectedly and did not start again. The underlying
source code has been modified, and as a result, squid now handles malformed DNS
responses without complications. (BZ#1047839)

• Under certain circumstances, child processes of the squid utility terminated

unexpectedly and generated a core file. This bug has been fixed, and squid
processes no longer exit abnormally. (BZ#1058207)

• Previously, the AuthBasicUserRequest method of the squid utility overrode the

default user() methods with its own data. Consequently, a memory leak occurred
when using basic authentication, which led to high memory consumption of squid.
With this update, the aforementioned override was removed and the memory leak no
longer occurs. (BZ#1066368, BZ#1089614)

Users of squid are advised to upgrade to these updated packages, which fix these
bugs. After installing this update, the squid service will be restarted
automatically.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6 s390x

Fixes

• BZ - 876980 - Init script: missing condrestart in 'Usage'
• BZ - 1011952 - cachemgr.cgi doesn't work by default

CVEs

(none)

References

(none)