Issued:: 2005-03-16
Updated:: 2005-03-16

RHSA-2005:201 - Security Advisory

Overview
Updated Packages

Synopsis

squid security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated squid package that fixes a denial of service issue is now
available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

Squid is a full-featured Web proxy cache.

A bug was found in the way Squid handles fully qualified domain name (FQDN)
lookups. A malicious DNS server could crash Squid by sending a carefully
crafted DNS response to an FQDN lookup. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0446 to
this issue.

This erratum also includes two minor patches to the LDAP helpers. One
corrects a slight malformation in ldap search requests (although all
known LDAP servers accept the requests). The other adds documentation
for the -v option to the ldap helpers.

Users of Squid should upgrade to this updated package, which contains a
backported patch, and is not vulnerable to this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

BZ - 148882 - CAN-2005-0446 Squid DoS from bad DNS response

CVEs

CVE-2005-0446

References

http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
squid-2.5.STABLE6-3.4E.5.src.rpm	SHA-256: 8cad5ef3f94030edee91072c44f2b329eba26c888407dcb7788e52d2f59338cb
x86_64
squid-2.5.STABLE6-3.4E.5.x86_64.rpm	SHA-256: d86d41062c68ad610a149f3bfb136ca1715f37eb3ce46fe2f28d12bf6e54d545
squid-2.5.STABLE6-3.4E.5.x86_64.rpm	SHA-256: d86d41062c68ad610a149f3bfb136ca1715f37eb3ce46fe2f28d12bf6e54d545
ia64
squid-2.5.STABLE6-3.4E.5.ia64.rpm	SHA-256: de3d61ad8da3184bd3e5ee9aecb17e76b41a36a1ef23001cda059c647ae64c41
squid-2.5.STABLE6-3.4E.5.ia64.rpm	SHA-256: de3d61ad8da3184bd3e5ee9aecb17e76b41a36a1ef23001cda059c647ae64c41
i386
squid-2.5.STABLE6-3.4E.5.i386.rpm	SHA-256: 99e62145c0806043dcefdcb6c8b2397ae40764f13bfea0cfe081919805527a3b
squid-2.5.STABLE6-3.4E.5.i386.rpm	SHA-256: 99e62145c0806043dcefdcb6c8b2397ae40764f13bfea0cfe081919805527a3b

Red Hat Enterprise Linux Workstation 4

SRPM
squid-2.5.STABLE6-3.4E.5.src.rpm	SHA-256: 8cad5ef3f94030edee91072c44f2b329eba26c888407dcb7788e52d2f59338cb
x86_64
squid-2.5.STABLE6-3.4E.5.x86_64.rpm	SHA-256: d86d41062c68ad610a149f3bfb136ca1715f37eb3ce46fe2f28d12bf6e54d545
ia64
squid-2.5.STABLE6-3.4E.5.ia64.rpm	SHA-256: de3d61ad8da3184bd3e5ee9aecb17e76b41a36a1ef23001cda059c647ae64c41
i386
squid-2.5.STABLE6-3.4E.5.i386.rpm	SHA-256: 99e62145c0806043dcefdcb6c8b2397ae40764f13bfea0cfe081919805527a3b

Red Hat Enterprise Linux Desktop 4

SRPM
squid-2.5.STABLE6-3.4E.5.src.rpm	SHA-256: 8cad5ef3f94030edee91072c44f2b329eba26c888407dcb7788e52d2f59338cb
x86_64
squid-2.5.STABLE6-3.4E.5.x86_64.rpm	SHA-256: d86d41062c68ad610a149f3bfb136ca1715f37eb3ce46fe2f28d12bf6e54d545
i386
squid-2.5.STABLE6-3.4E.5.i386.rpm	SHA-256: 99e62145c0806043dcefdcb6c8b2397ae40764f13bfea0cfe081919805527a3b

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
squid-2.5.STABLE6-3.4E.5.src.rpm	SHA-256: 8cad5ef3f94030edee91072c44f2b329eba26c888407dcb7788e52d2f59338cb
s390x
squid-2.5.STABLE6-3.4E.5.s390x.rpm	SHA-256: 1268877fa6581e7a1850320ce945bda44deee4bfb0f5f0e78f80ef696609ed1a
s390
squid-2.5.STABLE6-3.4E.5.s390.rpm	SHA-256: 12b8c551d78925e43ad402c22ee9214df752345d0cb49853337691e81f2d03f2

Red Hat Enterprise Linux for Power, big endian 4

SRPM
squid-2.5.STABLE6-3.4E.5.src.rpm	SHA-256: 8cad5ef3f94030edee91072c44f2b329eba26c888407dcb7788e52d2f59338cb
ppc
squid-2.5.STABLE6-3.4E.5.ppc.rpm	SHA-256: 0c731aff6e13cd98b237d1198c495fa4cde60573700d1beb01299a9104213c20

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation