Red Hat Product Errata RHSA-2005:766 - Security Advisory

Issued:: 2005-09-15
Updated:: 2005-09-15

RHSA-2005:766 - Security Advisory

Overview
Updated Packages

Synopsis

squid security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated Squid package that fixes security issues is now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

Squid is a full-featured Web proxy cache.

A bug was found in the way Squid displays error messages. A remote attacker
could submit a request containing an invalid hostname which would result in
Squid displaying a previously used error message. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-2479 to this issue.

Two denial of service bugs were found in the way Squid handles malformed
requests. A remote attacker could submit a specially crafted request to
Squid that would cause the server to crash. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CAN-2005-2794 and
CAN-2005-2796 to these issues.

Please note that CAN-2005-2796 does not affect Red Hat Enterprise Linux 2.1

Users of Squid should upgrade to this updated package that contains
backported patches, and is not vulnerable to these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Server 2 ia64
Red Hat Enterprise Linux Server 2 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Workstation 2 ia64
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

BZ - 166520 - CAN-2004-2479 squid information disclosure issue
BZ - 167413 - CAN-2005-2794 Multiple squid DoS issues (CAN-2005-2796)

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
x86_64
squid-2.5.STABLE6-3.4E.11.x86_64.rpm	SHA-256: f23616f378253f3ac2c6d565790bf4ce28c4f06a59a182faf35b8c8e248ab4b9
squid-2.5.STABLE6-3.4E.11.x86_64.rpm	SHA-256: f23616f378253f3ac2c6d565790bf4ce28c4f06a59a182faf35b8c8e248ab4b9
ia64
squid-2.5.STABLE6-3.4E.11.ia64.rpm	SHA-256: 804081fedb9c96cded5fb4216efd657356d7cc8f76464815126026b51a400e8a
squid-2.5.STABLE6-3.4E.11.ia64.rpm	SHA-256: 804081fedb9c96cded5fb4216efd657356d7cc8f76464815126026b51a400e8a
i386
squid-2.5.STABLE6-3.4E.11.i386.rpm	SHA-256: 81572810ec741b0633f2f8a372881ffbe1adb4b5ccb266baa192b2f1818d74fe
squid-2.5.STABLE6-3.4E.11.i386.rpm	SHA-256: 81572810ec741b0633f2f8a372881ffbe1adb4b5ccb266baa192b2f1818d74fe

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server 2

SRPM
ia64
i386

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
squid-2.5.STABLE6-3.4E.11.x86_64.rpm	SHA-256: f23616f378253f3ac2c6d565790bf4ce28c4f06a59a182faf35b8c8e248ab4b9
ia64
squid-2.5.STABLE6-3.4E.11.ia64.rpm	SHA-256: 804081fedb9c96cded5fb4216efd657356d7cc8f76464815126026b51a400e8a
i386
squid-2.5.STABLE6-3.4E.11.i386.rpm	SHA-256: 81572810ec741b0633f2f8a372881ffbe1adb4b5ccb266baa192b2f1818d74fe

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 2

SRPM
ia64

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
squid-2.5.STABLE6-3.4E.11.x86_64.rpm	SHA-256: f23616f378253f3ac2c6d565790bf4ce28c4f06a59a182faf35b8c8e248ab4b9
i386
squid-2.5.STABLE6-3.4E.11.i386.rpm	SHA-256: 81572810ec741b0633f2f8a372881ffbe1adb4b5ccb266baa192b2f1818d74fe

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
squid-2.5.STABLE6-3.4E.11.s390x.rpm	SHA-256: c32f91857cf395f0ff0cfccac56a1b9aae34e19ceb7480a3382b298815285b5a
s390
squid-2.5.STABLE6-3.4E.11.s390.rpm	SHA-256: 91f8b66a587ab83d13f6575d849bb60508a1100330ef5440b6750027d8eab6e3

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
squid-2.5.STABLE6-3.4E.11.ppc.rpm	SHA-256: 65031772a5cc67a5cdbc0368e465a1a941e16e5ab60d5ce069c96dc7570feebc

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation