Gentoo Archives: gentoo-announce

From: Tim Sammut <underling@g.o>
To: gentoo-announce@g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 201110-24 ] Squid: Multiple vulnerabilities
Date: Wed, 26 Oct 2011 21:16:44
Message-Id: 4EA876F3.8030604@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201110-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Squid: Multiple vulnerabilities
Date: October 26, 2011
Bugs: #279379, #279380, #301828, #334263, #381065, #386215
ID: 201110-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in Squid allowing attackers to
execute arbitrary code or cause a Denial of Service.

Background
==========

Squid is a full-featured web proxy cache.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-proxy/squid              < 3.1.15                  >= 3.1.15

Description
===========

Multiple vulnerabilities have been discovered in Squid. Please review
the CVE identifiers referenced below for details.

Impact
======

Remote unauthenticated attackers may be able to execute arbitrary code
with the privileges of the Squid process or cause a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All squid users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-proxy/squid-3.1.15"

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since September 4, 2011. It is likely that your system is
already no longer affected by this issue.

References
==========

[ 1 ] CVE-2009-2621
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2621
[ 2 ] CVE-2009-2622
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2622
[ 3 ] CVE-2009-2855
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2855
[ 4 ] CVE-2010-0308
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0308
[ 5 ] CVE-2010-0639
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0639
[ 6 ] CVE-2010-2951
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2951
[ 7 ] CVE-2010-3072
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3072
[ 8 ] CVE-2011-3205
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3205

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201110-24.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
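
The following is an added example, not part of the advisory: a POSIX shell check that applies the "Affected packages" range (vulnerable below 3.1.15, unaffected from 3.1.15) to a package inventory and lists the hosts that still need the upgrade from the Resolution section. The host names and inventory lines are constructed, and the function names are hypothetical; the handling of `_alpha`/`_beta`/`_pre`/`_rc` follows Gentoo's rule that such pre-release suffixes sort below the plain version.

```shell
# Added example: classify net-proxy/squid atoms against GLSA 201110-24.
FIXED="3.1.15"   # first unaffected version per the advisory's table

# Extract the dotted numeric version from an atom such as
# net-proxy/squid-3.1.14-r2 (revision and suffixes are dropped here).
squid_version() {
    printf '%s\n' "$1" | sed -n 's|^net-proxy/squid-\([0-9][0-9.]*\).*$|\1|p'
}

# Return 0 if dotted version $1 is strictly lower than $2,
# comparing component by component as integers.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# Print "vulnerable", "unaffected" or "unknown" for one package atom.
classify() {
    v=$(squid_version "$1")
    [ -n "$v" ] || { echo unknown; return 0; }
    if version_lt "$v" "$FIXED"; then
        echo vulnerable
    elif [ "$v" = "$FIXED" ] && printf '%s' "$1" | grep -Eq '_(alpha|beta|pre|rc)'; then
        echo vulnerable   # a pre-release of 3.1.15 still sorts below 3.1.15
    else
        echo unaffected
    fi
}

# Constructed inventory: "<host> <installed atom>" (hypothetical hosts).
INVENTORY='proxy-a net-proxy/squid-3.1.8
proxy-b net-proxy/squid-3.1.14-r2
proxy-c net-proxy/squid-3.1.15
proxy-d net-proxy/squid-3.1.15_rc1
proxy-e net-proxy/squid-3.2.0.13'

# List the hosts whose installed Squid falls in the vulnerable range.
report() {
    printf '%s\n' "$INVENTORY" | while read -r host atom; do
        if [ "$(classify "$atom")" = vulnerable ]; then echo "$host"; fi
    done
}
report
```

On a live Gentoo host, `glsa-check -t 201110-24` from gentoolkit performs the same test against the installed package database.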
