Issued:
2011-09-14
Updated:
2011-09-14

RHSA-2011:1293 - Security Advisory

Synopsis

Moderate: squid security update

Type/Severity

Security Advisory: Moderate

Topic

An updated squid package that fixes one security issue is now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

A buffer overflow flaw was found in the way Squid parsed replies from
remote Gopher servers. A remote user allowed to send Gopher requests to a
Squid proxy could possibly use this flaw to cause the squid child process
to crash or execute arbitrary code with the privileges of the squid user,
by making Squid perform a request to an attacker-controlled Gopher server.
(CVE-2011-3205)

Users of squid should upgrade to this updated package, which contains a
backported patch to correct this issue. After installing this update, the
squid service will be restarted automatically.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 6.1 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 6.1 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.1 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.1 ppc64
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.1 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.1 i386
  • Red Hat Virtual Storage Appliance (from RHUI) 6.1 x86_64

Fixes

  • BZ - 734583 - CVE-2011-3205 squid: buffer overflow flaw in Squid's Gopher reply parser (SQUID-2011:3)

CVEs

References

Red Hat Enterprise Linux Server 6

SRPM
squid-3.1.10-1.el6_1.1.src.rpm SHA-256: 5561c2d8714e0f57eb83c73d32d132c1e8c8ba1281322051aa4d9ca81e5496e3
x86_64
squid-3.1.10-1.el6_1.1.x86_64.rpm SHA-256: 1d389a37f02e6abe131a39de40e8b1cfc323513219dadc0f49d00a735e94eb3e
squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm SHA-256: 219a8ba40a75ba76fca7708f417731fed9d2722d4797b8ed624c6aa7346dabb3
i386
squid-3.1.10-1.el6_1.1.i686.rpm SHA-256: 28bcc0fae065d8099836868e946793b26d92aa52561fb1b4d865b5569aa422ce
squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm SHA-256: 3356452ed1fb989f2e68e176e8f7954bf47a137c9730802cfd27afcf08a0095b

Red Hat Enterprise Linux Server - Extended Update Support 6.1

SRPM
squid-3.1.10-1.el6_1.1.src.rpm SHA-256: 5561c2d8714e0f57eb83c73d32d132c1e8c8ba1281322051aa4d9ca81e5496e3
x86_64
squid-3.1.10-1.el6_1.1.x86_64.rpm SHA-256: 1d389a37f02e6abe131a39de40e8b1cfc323513219dadc0f49d00a735e94eb3e
squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm SHA-256: 219a8ba40a75ba76fca7708f417731fed9d2722d4797b8ed624c6aa7346dabb3
i386
squid-3.1.10-1.el6_1.1.i686.rpm SHA-256: 28bcc0fae065d8099836868e946793b26d92aa52561fb1b4d865b5569aa422ce
squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm SHA-256: 3356452ed1fb989f2e68e176e8f7954bf47a137c9730802cfd27afcf08a0095b

Red Hat Enterprise Linux Workstation 6

SRPM
squid-3.1.10-1.el6_1.1.src.rpm SHA-256: 5561c2d8714e0f57eb83c73d32d132c1e8c8ba1281322051aa4d9ca81e5496e3
x86_64
squid-3.1.10-1.el6_1.1.x86_64.rpm SHA-256: 1d389a37f02e6abe131a39de40e8b1cfc323513219dadc0f49d00a735e94eb3e
squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm SHA-256: 219a8ba40a75ba76fca7708f417731fed9d2722d4797b8ed624c6aa7346dabb3
i386
squid-3.1.10-1.el6_1.1.i686.rpm SHA-256: 28bcc0fae065d8099836868e946793b26d92aa52561fb1b4d865b5569aa422ce
squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm SHA-256: 3356452ed1fb989f2e68e176e8f7954bf47a137c9730802cfd27afcf08a0095b

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
squid-3.1.10-1.el6_1.1.src.rpm SHA-256: 5561c2d8714e0f57eb83c73d32d132c1e8c8ba1281322051aa4d9ca81e5496e3
s390x
squid-3.1.10-1.el6_1.1.s390x.rpm SHA-256: 462a110f08ac5adb96acea4ee12d15eeb9f6eb8e3a4d52a21d95769d20f086bf
squid-debuginfo-3.1.10-1.el6_1.1.s390x.rpm SHA-256: c66924963852ef448186a467677956a9550ad53eeb0bc8906f59629de0e5ce42

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.1

SRPM
squid-3.1.10-1.el6_1.1.src.rpm SHA-256: 5561c2d8714e0f57eb83c73d32d132c1e8c8ba1281322051aa4d9ca81e5496e3
s390x
squid-3.1.10-1.el6_1.1.s390x.rpm SHA-256: 462a110f08ac5adb96acea4ee12d15eeb9f6eb8e3a4d52a21d95769d20f086bf
squid-debuginfo-3.1.10-1.el6_1.1.s390x.rpm SHA-256: c66924963852ef448186a467677956a9550ad53eeb0bc8906f59629de0e5ce42

Red Hat Enterprise Linux for Power, big endian 6

SRPM
squid-3.1.10-1.el6_1.1.src.rpm SHA-256: 5561c2d8714e0f57eb83c73d32d132c1e8c8ba1281322051aa4d9ca81e5496e3
ppc64
squid-3.1.10-1.el6_1.1.ppc64.rpm SHA-256: 1799fba9ce3bcb18e76a46b446e4d667b9f55e1c3b6878b468d36a916d0a2305
squid-debuginfo-3.1.10-1.el6_1.1.ppc64.rpm SHA-256: eb5df8bc13963525f202924b602074bfedd8053704db6ccb6ce274f88fccd611

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.1

SRPM
squid-3.1.10-1.el6_1.1.src.rpm SHA-256: 5561c2d8714e0f57eb83c73d32d132c1e8c8ba1281322051aa4d9ca81e5496e3
ppc64
squid-3.1.10-1.el6_1.1.ppc64.rpm SHA-256: 1799fba9ce3bcb18e76a46b446e4d667b9f55e1c3b6878b468d36a916d0a2305
squid-debuginfo-3.1.10-1.el6_1.1.ppc64.rpm SHA-256: eb5df8bc13963525f202924b602074bfedd8053704db6ccb6ce274f88fccd611

Red Hat Enterprise Linux Server from RHUI 6

SRPM
squid-3.1.10-1.el6_1.1.src.rpm SHA-256: 5561c2d8714e0f57eb83c73d32d132c1e8c8ba1281322051aa4d9ca81e5496e3
x86_64
squid-3.1.10-1.el6_1.1.x86_64.rpm SHA-256: 1d389a37f02e6abe131a39de40e8b1cfc323513219dadc0f49d00a735e94eb3e
squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm SHA-256: 219a8ba40a75ba76fca7708f417731fed9d2722d4797b8ed624c6aa7346dabb3
i386
squid-3.1.10-1.el6_1.1.i686.rpm SHA-256: 28bcc0fae065d8099836868e946793b26d92aa52561fb1b4d865b5569aa422ce
squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm SHA-256: 3356452ed1fb989f2e68e176e8f7954bf47a137c9730802cfd27afcf08a0095b

Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.1

SRPM
squid-3.1.10-1.el6_1.1.src.rpm SHA-256: 5561c2d8714e0f57eb83c73d32d132c1e8c8ba1281322051aa4d9ca81e5496e3
x86_64
squid-3.1.10-1.el6_1.1.x86_64.rpm SHA-256: 1d389a37f02e6abe131a39de40e8b1cfc323513219dadc0f49d00a735e94eb3e
squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm SHA-256: 219a8ba40a75ba76fca7708f417731fed9d2722d4797b8ed624c6aa7346dabb3
i386
squid-3.1.10-1.el6_1.1.i686.rpm SHA-256: 28bcc0fae065d8099836868e946793b26d92aa52561fb1b4d865b5569aa422ce
squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm SHA-256: 3356452ed1fb989f2e68e176e8f7954bf47a137c9730802cfd27afcf08a0095b

Red Hat Virtual Storage Appliance (from RHUI) 6.1

SRPM
squid-3.1.10-1.el6_1.1.src.rpm SHA-256: 5561c2d8714e0f57eb83c73d32d132c1e8c8ba1281322051aa4d9ca81e5496e3
x86_64
squid-3.1.10-1.el6_1.1.x86_64.rpm SHA-256: 1d389a37f02e6abe131a39de40e8b1cfc323513219dadc0f49d00a735e94eb3e
squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm SHA-256: 219a8ba40a75ba76fca7708f417731fed9d2722d4797b8ed624c6aa7346dabb3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.