A flaw has been found in the squid software package that a remote attacker can exploit for a DoS attack.
Package:
Squid 3.x
Operating systems:
Fedora 14, Fedora 15
Severity:
6.1
Problem:
flaw in a program function
Exploitation:
remote
Impact:
denial of service (DoS)
Solution:
vendor software patch
CVE:
CVE-2011-4096
Original advisory ID:
FEDORA-2011-15256
Source:
Fedora
Problem:
A flaw was found in the way the software package handles CNAME DNS records that point to another CNAME record which points to an empty A record.
Impact:
A remote attacker can use the vulnerability to carry out a DoS attack.
Solution:
Users are advised to install the vendor's software patch.
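Added example (not part of the advisory or of Squid's code): a Python check a defender could run over parsed DNS answers, for instance from resolver logs, to flag the record shape described above. It assumes "empty A record" means the final name carries no usable address data; the function name and the sample records are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample answers: (owner, type, rdata). The names use the reserved
# .example TLD and a documentation address; none come from the advisory.
SAMPLE_FLAGGED = [
    ("www.a.example.", "CNAME", "alias.b.example."),
    ("alias.b.example.", "CNAME", "host.c.example."),
    ("host.c.example.", "A", ""),            # A record with no address data
]
SAMPLE_NORMAL = [
    ("www.a.example.", "CNAME", "host.c.example."),
    ("host.c.example.", "A", "192.0.2.10"),
]
SAMPLE_LOOP = [
    ("x.example.", "CNAME", "y.example."),
    ("y.example.", "CNAME", "x.example."),
]


def classify_chain(qname, records, max_depth=8):
    """Follow CNAMEs from qname; return (cname_hops, addresses, status)."""
    cnames = {}
    addrs = defaultdict(list)
    for owner, rtype, rdata in records:
        owner = owner.lower()
        if rtype == "CNAME":
            cnames[owner] = rdata.lower()
        elif rtype in ("A", "AAAA") and rdata:
            addrs[owner].append(rdata)       # empty rdata is ignored (assumption)

    name = qname.lower()
    seen = {name}
    hops = 0
    while name in cnames:
        name = cnames[name]
        hops += 1
        if name in seen or hops > max_depth:
            return hops, [], "loop-or-too-deep"
        seen.add(name)

    found = addrs.get(name, [])
    if hops >= 2 and not found:
        # CNAME -> CNAME -> no address: the shape named in CVE-2011-4096
        return hops, [], "nested-cname-empty-address"
    return hops, found, "ok" if found else "no-address"
```

A flagged answer only identifies the response shape; whether a given proxy is affected depends on the installed squid version.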
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-15256
2011-11-02 06:38:02
--------------------------------------------------------------------------------
Name : squid
Product : Fedora 14
Version : 3.1.16
Release : 1.fc14
URL : http://www.squid-cache.org
Summary : The Squid proxy caching server
Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.
Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.
--------------------------------------------------------------------------------
Update Information:
Upstream bugfix release fixing invalid free on certain DNS responses
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 31 2011 Henrik Nordstorm - 7:3.1.16-1
- update to latest upstream 3.1.16 fixing invalid free on certain
DNS responses (Bug #750316)
* Mon Aug 29 2011 Henrik Nordstrom - 7:3.1.15-1
- update to latest upstream 3.1.15 fixing SQUID-2011:3
* Fri Jul 22 2011 Jiri Skala - 7:3.1.14-1
- Update to 3.1.14 upstream release
* Thu May 5 2011 Jiri Skala - 7:3.1.12-1
- Update to 3.1.12 upstream release
* Thu Jan 6 2011 Jiri Skala - 7:3.1.10-1
- Update to 3.1.10 upstream release
* Thu Nov 4 2010 Jiri Skala - 7:3.1.9-3
- fixes #647967 - build with -fPIE option back and dropped proper libltdl usage
* Mon Oct 25 2010 Henrik Nordstrom 7:3.1.9-2
- Upstream 3.1.9 bugfix release
* Mon Oct 18 2010 Jiri Skala - 7:3.1.8-2
- fixes #584161 - squid userid not added to wbpriv group
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #750316 - CVE-2011-4096 squid: Invalid free by processing CNAME DNS
record pointing to another CNAME record pointing to an empty A-record
https://bugzilla.redhat.com/show_bug.cgi?id=750316
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update squid' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-15233
2011-11-02 06:37:07
--------------------------------------------------------------------------------
Name : squid
Product : Fedora 15
Version : 3.1.16
Release : 1.fc15
URL : http://www.squid-cache.org
Summary : The Squid proxy caching server
Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.
Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.
--------------------------------------------------------------------------------
Update Information:
Upstream bugfix update fixing invalid free on certain DNS responses
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 31 2011 Henrik Nordstorm - 7:3.1.16-1
- update to latest upstream 3.1.16 fixing invalid free on certain
DNS responses (Bug #750316)
* Mon Aug 29 2011 Henrik Nordstrom - 7:3.1.15-1
- update to latest upstream 3.1.15 fixing SQUID-2011:3
* Fri Jul 22 2011 Jiri Skala - 7:3.1.14-1
- updated to latest upstream 3.1.14
* Thu May 19 2011 Jiri Skala - 7:3.1.12-2
- enabled eCAP support
* Thu May 5 2011 Jiri Skala - 7:3.1.12-1
- Update to 3.1.12 upstream release
- applied corrections of unused patch (Ismail DÄ