Squid is a full-featured Web proxy cache.
A bug was found in the way Squid displays error messages. A remote attacker
could submit a request containing an invalid hostname which would result in
Squid displaying a previously used error message. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-2479 to this issue.
Two denial of service bugs were found in the way Squid handles malformed
requests. A remote attacker could submit a specially crafted request to
Squid that would cause the server to crash. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CAN-2005-2794 and
CAN-2005-2796 to these issues.
Please note that CAN-2005-2796 does not affect Red Hat Enterprise Linux 2.1
Users of Squid should upgrade to this updated package that contains
backported patches, and is not vulnerable to these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | ia64 | squid | < 2.5.STABLE6-3.4E.11 | squid-2.5.STABLE6-3.4E.11.ia64.rpm |
RedHat | any | s390x | squid | < 2.5.STABLE3-6.3E.14 | squid-2.5.STABLE3-6.3E.14.s390x.rpm |
RedHat | any | ppc | squid | < 2.5.STABLE3-6.3E.14 | squid-2.5.STABLE3-6.3E.14.ppc.rpm |
RedHat | any | i386 | squid | < 2.5.STABLE3-6.3E.14 | squid-2.5.STABLE3-6.3E.14.i386.rpm |
RedHat | any | ppc | squid | < 2.5.STABLE6-3.4E.11 | squid-2.5.STABLE6-3.4E.11.ppc.rpm |
RedHat | any | i386 | squid | < 2.5.STABLE6-3.4E.11 | squid-2.5.STABLE6-3.4E.11.i386.rpm |
RedHat | any | i386 | squid | < 2.4.STABLE7-1.21as.10 | squid-2.4.STABLE7-1.21as.10.i386.rpm |
RedHat | any | s390 | squid | < 2.5.STABLE3-6.3E.14 | squid-2.5.STABLE3-6.3E.14.s390.rpm |
RedHat | any | ia64 | squid | < 2.5.STABLE3-6.3E.14 | squid-2.5.STABLE3-6.3E.14.ia64.rpm |
RedHat | any | x86_64 | squid | < 2.5.STABLE6-3.4E.11 | squid-2.5.STABLE6-3.4E.11.x86_64.rpm |