Squid is a feature-rich web-proxy with support for various web-related protocols. The last two squid updates from February the 1st and 10th fix several vulnerabilities. The impact of them range from remote denial-of-service over cache poisoning to possible remote command execution. Due to the hugh amount of bugs the vulnerabilities are just summarized here. CAN-2005-0094 A buffer overflow in the Gopher responses parser leads to memory corruption and usually crash squid.
There is no workaround known.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE | 9.1 | i586 | squid | < 2.5.STABLE5-42.27 | squid-2.5.STABLE5-42.27.i586.rpm |
openSUSE | 9.1 | x86_64 | squid | < 2.5.STABLE5-42.27 | squid-2.5.STABLE5-42.27.x86_64.rpm |
openSUSE | 9.0 | i586 | squid | < 2.5.STABLE3-118 | squid-2.5.STABLE3-118.i586.rpm |
openSUSE | 8.2 | i586 | squid | < 2.5.STABLE1-106 | squid-2.5.STABLE1-106.i586.rpm |
openSUSE | 8.1 | i586 | squid | < 2.4.STABLE7-288 | squid-2.4.STABLE7-288.i586.rpm |
openSUSE | 9.0 | x86_64 | squid | < 2.5.STABLE3-118 | squid-2.5.STABLE3-118.x86_64.rpm |
openSUSE | 9.2 | i586 | squid | < 2.5.STABLE6-6.6 | squid-2.5.STABLE6-6.6.i586.rpm |
openSUSE | 9.2 | x86_64 | squid | < 2.5.STABLE6-6.6 | squid-2.5.STABLE6-6.6.x86_64.rpm |