(RHSA-2008:0214) Moderate: squid security update

2008-04-0800:00:00

access.redhat.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.008 Low

EPSS

Percentile

79.2%

JSON

Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects.

A flaw was found in the way squid manipulated HTTP headers for cached
objects stored in system memory. An attacker could use this flaw to cause a
squid child process to exit. This interrupted existing connections and made
proxy services unavailable. Note: the parent squid process started a new
child process, so this attack only resulted in a temporary denial of
service. (CVE-2008-1612)

Users of squid are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

OSVersionArchitecturePackageVersionFilename
RedHatanyx86_64squid< 2.5.STABLE3-9.3Esquid-2.5.STABLE3-9.3E.x86_64.rpm
RedHat4ppcsquid< 2.5.STABLE14-1.4E.el4_6.2squid-2.5.STABLE14-1.4E.el4_6.2.ppc.rpm
RedHat5i386squid< 2.6.STABLE6-5.el5_1.3squid-2.6.STABLE6-5.el5_1.3.i386.rpm
RedHatanys390squid< 2.5.STABLE3-9.3Esquid-2.5.STABLE3-9.3E.s390.rpm
RedHatanyi386squid< 2.4.STABLE7-1.21as.12squid-2.4.STABLE7-1.21as.12.i386.rpm
RedHat4x86_64squid< 2.5.STABLE14-1.4E.el4_6.2squid-2.5.STABLE14-1.4E.el4_6.2.x86_64.rpm
RedHat5x86_64squid< 2.6.STABLE6-5.el5_1.3squid-2.6.STABLE6-5.el5_1.3.x86_64.rpm
RedHat4s390xsquid< 2.5.STABLE14-1.4E.el4_6.2squid-2.5.STABLE14-1.4E.el4_6.2.s390x.rpm
RedHat4ia64squid< 2.5.STABLE14-1.4E.el4_6.2squid-2.5.STABLE14-1.4E.el4_6.2.ia64.rpm
RedHatanyia64squid< 2.5.STABLE3-9.3Esquid-2.5.STABLE3-9.3E.ia64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	x86_64	squid	< 2.5.STABLE3-9.3E	squid-2.5.STABLE3-9.3E.x86_64.rpm
RedHat	4	ppc	squid	< 2.5.STABLE14-1.4E.el4_6.2	squid-2.5.STABLE14-1.4E.el4_6.2.ppc.rpm
RedHat	5	i386	squid	< 2.6.STABLE6-5.el5_1.3	squid-2.6.STABLE6-5.el5_1.3.i386.rpm
RedHat	any	s390	squid	< 2.5.STABLE3-9.3E	squid-2.5.STABLE3-9.3E.s390.rpm
RedHat	any	i386	squid	< 2.4.STABLE7-1.21as.12	squid-2.4.STABLE7-1.21as.12.i386.rpm
RedHat	4	x86_64	squid	< 2.5.STABLE14-1.4E.el4_6.2	squid-2.5.STABLE14-1.4E.el4_6.2.x86_64.rpm
RedHat	5	x86_64	squid	< 2.6.STABLE6-5.el5_1.3	squid-2.6.STABLE6-5.el5_1.3.x86_64.rpm
RedHat	4	s390x	squid	< 2.5.STABLE14-1.4E.el4_6.2	squid-2.5.STABLE14-1.4E.el4_6.2.s390x.rpm
RedHat	4	ia64	squid	< 2.5.STABLE14-1.4E.el4_6.2	squid-2.5.STABLE14-1.4E.el4_6.2.ia64.rpm
RedHat	any	ia64	squid	< 2.5.STABLE3-9.3E	squid-2.5.STABLE3-9.3E.ia64.rpm