5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.955 High
EPSS
Percentile
99.2%
Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.
It was found that string comparison functions in Squid did not properly
handle the comparisons of NULL and empty strings. A remote, trusted web
client could use this flaw to cause the squid daemon to crash via a
specially-crafted request. (CVE-2010-3072)
This update also fixes the following bugs:
A small memory leak in Squid caused multiple “ctx: enter level” messages
to be logged to “/var/log/squid/cache.log”. This update resolves the memory
leak. (BZ#666533)
This erratum upgrades Squid to upstream version 3.1.10. This upgraded
version supports the Google Instant service and introduces various code
improvements. (BZ#639365)
Users of squid should upgrade to this updated package, which resolves these
issues. After installing this update, the squid service will be restarted
automatically.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | ppc64 | squid | < 3.1.10-1.el6 | squid-3.1.10-1.el6.ppc64.rpm |
RedHat | 6 | x86_64 | squid | < 3.1.10-1.el6 | squid-3.1.10-1.el6.x86_64.rpm |
RedHat | 6 | i686 | squid | < 3.1.10-1.el6 | squid-3.1.10-1.el6.i686.rpm |
RedHat | 6 | i686 | squid-debuginfo | < 3.1.10-1.el6 | squid-debuginfo-3.1.10-1.el6.i686.rpm |
RedHat | 6 | x86_64 | squid-debuginfo | < 3.1.10-1.el6 | squid-debuginfo-3.1.10-1.el6.x86_64.rpm |
RedHat | 6 | s390x | squid-debuginfo | < 3.1.10-1.el6 | squid-debuginfo-3.1.10-1.el6.s390x.rpm |
RedHat | 6 | ppc64 | squid-debuginfo | < 3.1.10-1.el6 | squid-debuginfo-3.1.10-1.el6.ppc64.rpm |
RedHat | 6 | src | squid | < 3.1.10-1.el6 | squid-3.1.10-1.el6.src.rpm |
RedHat | 6 | s390x | squid | < 3.1.10-1.el6 | squid-3.1.10-1.el6.s390x.rpm |