Описание
ELSA-2010-0221: squid security and bug fix update (LOW)
[7:2.6.STABLE21-6]
- Resolves: #561828 - CVE-2009-2855 CVE-2010-0308 squid various flaws [rhel-5.5]
[7:2.6.STABLE21-5]
- Resolves: #538738 - improved patch
[7:2.6.STABLE21-4]
- Resolves: #521926 - squid 'stop after stop' is not LSB compliant
- Resolves: #496170 - Add arp filter option
- Resolves: #516245 - negotiate support not enabled in squid
- Resolves: #538738 - Squid accelerator mode works only if port 80 is opened
- Resolves: #470843 - Squid 'error_map' does not work when used 'Accep-Encoding: gzip'
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
squid
2.6.STABLE21-6.el5
Oracle Linux x86_64
squid
2.6.STABLE21-6.el5
Oracle Linux i386
squid
2.6.STABLE21-6.el5
Связанные CVE
Связанные уязвимости
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through ...
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.