squid -- several vulnerabilities

ID DSA-576
Type debian
Reporter Debian
Modified 2004-10-29T00:00:00


Several security vulnerabilities have been discovered in Squid, the internet object cache, the popular WWW proxy cache. The Common Vulnerabilities and Exposures project identifies the following problems:

It is possible to bypass access lists and scan arbitrary hosts and ports in the network through cachemgr.cgi, which is installed by default. This update disables this feature and introduces a configuration file (/etc/squid/cachemgr.conf) to control this behavior.

The asn_parse_header function (asn1.c) in the SNMP module for Squid allows remote attackers to cause a denial of service via certain SNMP packets with negative length fields that cause a memory allocation error.
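The bug class described for asn_parse_header, shown as an added example that is not Squid's asn1.c code: a BER header parser that keeps the declared length in a signed integer, next to a form that treats it as unsigned and bounds it by the bytes actually received. The function names and both packets are hypothetical and constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed samples. NEG_LEN_PKT carries the 4-octet long-form length
 * 0xFFFFFFF0 (-16 as a 32-bit signed int); GOOD_PKT is SEQUENCE { INTEGER 0 }. */
static const uint8_t NEG_LEN_PKT[] = {0x30, 0x84, 0xFF, 0xFF, 0xFF, 0xF0, 0x00};
static const uint8_t GOOD_PKT[] = {0x30, 0x03, 0x02, 0x01, 0x00};

/* Fragile pattern (hypothetical): length kept in a signed int and never
 * compared with the bytes received. Returns the value offset or -1. */
int ber_header_signed(const uint8_t *buf, size_t buflen, int *len_out)
{
    if (buflen < 2) return -1;
    size_t pos = 1;                          /* skip the type octet */
    uint8_t first = buf[pos++];
    if (!(first & 0x80)) { *len_out = first; return (int)pos; }
    size_t n = first & 0x7f;                 /* count of length octets */
    if (n == 0 || n > 4 || buflen - pos < n) return -1;
    uint32_t acc = 0;
    for (size_t i = 0; i < n; i++) acc = (acc << 8) | buf[pos++];
    *len_out = (int32_t)acc;                 /* high bit set => negative */
    return (int)pos;
}

/* Hardened form (hypothetical): unsigned length, bounded by the bytes left. */
int ber_header_checked(const uint8_t *buf, size_t buflen, size_t *len_out)
{
    if (buf == NULL || len_out == NULL || buflen < 2) return -1;
    size_t pos = 1;
    size_t len = buf[pos++];
    if (len & 0x80) {                        /* long form */
        size_t n = len & 0x7f;
        if (n == 0 || n > 4 || buflen - pos < n) return -1;
        for (len = 0; n > 0; n--) len = (len << 8) | buf[pos++];
    }
    if (len > buflen - pos) return -1;       /* declared value must fit */
    *len_out = len;
    return (int)pos;
}

int main(void)
{
    int slen = 0; size_t ulen = 0;
    ber_header_signed(NEG_LEN_PKT, sizeof NEG_LEN_PKT, &slen);
    printf("signed length %d, checked %d, good packet %d\n", slen,
           ber_header_checked(NEG_LEN_PKT, sizeof NEG_LEN_PKT, &ulen),
           ber_header_checked(GOOD_PKT, sizeof GOOD_PKT, &ulen));
    return 0;
}
```

A negative length that reaches an allocator is converted to a very large unsigned size, which is the kind of allocation failure the advisory describes; rejecting the header before any allocation avoids it.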

For the stable distribution (woody) these problems have been fixed in version 2.4.6-2woody4.

For the unstable distribution (sid) these problems have been fixed in version 2.5.7-1.

We recommend that you upgrade your squid package.