Terça-feira, 21 de Outubro de 2008

Proxy Squid - [SECURITY] [DSA 1646-2] New squid packages fix array bounds check

- ------------------------------------------------------------------------

Debian Security Advisory DSA-1646-2                  security@debian.org

http://www.debian.org/security/                           Devin Carraway

October 11, 2008                      http://www.debian.org/security/faq

- ------------------------------------------------------------------------

 

Package        : squid

Vulnerability  : array bounds check

Problem type   : remote

Debian-specific: no

CVE Id(s)      : CVE-2008-1612

 

In DSA 1646-1, an update was announced for a denial of service vulnerability in squid, a caching proxy server.  Due to an error in packaging and in testing, the updated packages did not correct the weakness.  An updated release is available which corrects the error.

For reference, the original advisory text follows.

 

A weakness has been discovered in squid, a caching proxy server.  The flaw was introduced upstream in response to CVE-2007-6239, and announced by Debian in DSA-1482-1.  The flaw involves an over-aggressive bounds check on an array resize, and could be exploited by an authorized client to induce a denial of service condition against squid.

 

For the stable distribution (etch), these problems have been fixed in version 2.6.5-6etch4.

 

We recommend that you upgrade your squid packages.


publicado por securwww às 14:46
link do post | comentar | favorito
|

.mais sobre mim

.pesquisar

 

.Setembro 2009

Dom
Seg
Ter
Qua
Qui
Sex
Sab

1
2
3
4
5

6
7
8
9
10
11
12

13
14
15
16
17
18
19

20
21
22
23
25
26

27
28
29
30


.Subscrever por e-mail

A subscrição é anónima e gera, no máximo, um e-mail por dia.

.posts recentes

. ...

. a familia kido conficker ...

. http://www.securitywizard...

. phishing sul-americano na...

. howtowipeyourdrive

. hardening de servidores

. Debian - denial of servic...

. Compromised Site: Embassy...

. social networking music

. social networking or soci...

.arquivos

. Setembro 2009

. Abril 2009

. Março 2009

. Fevereiro 2009

. Outubro 2008

.tags

. todas as tags

SAPO Blogs

.subscrever feeds