|
|
>> Mandriva Security Update Fixes Squid Denial of Service Vulnerability
|
Title : Mandriva Security Update Fixes Squid Denial of Service Vulnerability
VUPEN ID : VUPEN/ADV-2005-2210
CVE ID : CVE-2005-3258
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-10-27
|
Mandriva has released updated packages to correct a vulnerability identified in Squid. This flaw is due to an error in "ftp.c" when handling malformed FTP server responses, which could be exploited by remote attackers to crash Squid. For additional information, see : VUPEN/ADV-2005-2151
Affected Products
Corporate Server 2.1
Mandriva Linux 10.1
Corporate 3.0
Multi Network Firewall 2.0
Mandriva Linux 10.2
Mandriva Linux 2006.0
Solution
Upgrade the affected packages :
Corporate Server 2.1:
f8aca99b670bd1d7cd062d29d6e337c0 corporate/2.1/RPMS/squid-2.4.STABLE7-2.10.C21mdk.i586.rpm
575ebbe6d8c6dd4a88c85763de0955a6 corporate/2.1/SRPMS/squid-2.4.STABLE7-2.10.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
b2bb3b18fbaec34fa4a4de306f7badfa x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.10.C21mdk.x86_64.rpm
575ebbe6d8c6dd4a88c85763de0955a6 x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.10.C21mdk.src.rpm
Mandriva Linux 10.1:
1aa5389665eb7c44fc1a6f2a62a9c3e4 10.1/RPMS/squid-2.5.STABLE9-1.5.101mdk.i586.rpm
9000867a2ad94d095311053f36742abc 10.1/SRPMS/squid-2.5.STABLE9-1.5.101mdk.src.rpm
Mandriva Linux 10.1/X86_64:
d417b0a933c81eeee4462ff5bf0d207a x86_64/10.1/RPMS/squid-2.5.STABLE9-1.5.101mdk.x86_64.rpm
9000867a2ad94d095311053f36742abc x86_64/10.1/SRPMS/squid-2.5.STABLE9-1.5.101mdk.src.rpm
Corporate 3.0:
16a31934c2801715f0cb6290ea1c5c58 corporate/3.0/RPMS/squid-2.5.STABLE9-1.5.C30mdk.i586.rpm
aa1042be761e422dbee47cf3b5777b90 corporate/3.0/SRPMS/squid-2.5.STABLE9-1.5.C30mdk.src.rpm
Corporate 3.0/X86_64:
5c285a1e0df7c5de08424a73438ef094 x86_64/corporate/3.0/RPMS/squid-2.5.STABLE9-1.5.C30mdk.x86_64.rpm
aa1042be761e422dbee47cf3b5777b90 x86_64/corporate/3.0/SRPMS/squid-2.5.STABLE9-1.5.C30mdk.src.rpm
Multi Network Firewall 2.0:
92a195660ac40c9b6ae9ca275054c501 mnf/2.0/RPMS/squid-2.5.STABLE9-1.5.M20mdk.i586.rpm
1a97bb3873323ffe64629623c72d28c8 mnf/2.0/SRPMS/squid-2.5.STABLE9-1.5.M20mdk.src.rpm
Mandriva Linux 10.2:
442d8df682a4b46ae9f1c2e864b6505d 10.2/RPMS/squid-2.5.STABLE9-1.5.102mdk.i586.rpm
bd75db1db5949be45168118bf9fd6e80 10.2/SRPMS/squid-2.5.STABLE9-1.5.102mdk.src.rpm
Mandriva Linux 10.2/X86_64:
08dcae009d962753884eb5c11ff1bdf3 x86_64/10.2/RPMS/squid-2.5.STABLE9-1.5.102mdk.x86_64.rpm
bd75db1db5949be45168118bf9fd6e80 x86_64/10.2/SRPMS/squid-2.5.STABLE9-1.5.102mdk.src.rpm
Mandriva Linux 2006.0:
6c8f78eaefa702ea819c53cab55ad715 2006.0/RPMS/squid-2.5.STABLE10-10.2.20060mdk.i586.rpm
0b213d4496b8db93581a2b21388900af 2006.0/RPMS/squid-cachemgr-2.5.STABLE10-10.2.20060mdk.i586.rpm
1a242f5c868a63decda6a14c18de0397 2006.0/SRPMS/squid-2.5.STABLE10-10.2.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
a8a30856a40f1067790ffb816c15ae4a x86_64/2006.0/RPMS/squid-2.5.STABLE10-10.2.20060mdk.x86_64.rpm
7bbf70c2cbe5e22f6a5d9008ca96a887 x86_64/2006.0/RPMS/squid-cachemgr-2.5.STABLE10-10.2.20060mdk.x86_64.rpm
1a242f5c868a63decda6a14c18de0397 x86_64/2006.0/SRPMS/squid-2.5.STABLE10-10.2.20060mdk.src.rpm
References
http://www.vupen.com/english/advisories/2005/2210
http://archives.mandrivalinux.com/security-announce/2005-10/msg00036.php
ChangeLog
2005-10-27 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
