[ISN] SuSE Linux issues Squid security alert

From: InfoSec News (isnat_private)
Date: Thu Jul 11 2002 - 04:01:46 PDT

  • Next message: InfoSec News: "[ISN] EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability"

    By John Blau
    IDG News Service, 07/10/02 
    SuSE Linux AG Tuesday announced it has detected five security 
    vulnerabilities in the version of the Squid Web cache software 
    included in its Linux distribution.
    Squid is a high-performance proxy cache server software for Web 
    clients, supporting FTP, gopher and HTTP data objects. Unlike 
    traditional caching software, Squid handles all requests in a single, 
    nonblocking, I/O-driven process. 
    The severity of the errors in the package ranges from harmless to 
    critical, according to SuSE in Nürnberg, Germany. The company points 
    to vulnerabilities in gopher clients and the FTP directory parsing 
    code, which could "remotely execute code introduced by attackers." 
    "Every open source vendor with Squid software, which is the most 
    widely used cache proxy package, is affected," said Roman Drahtmüller, 
    director of SuSE's security team. 
    SuSE has released patches [1], which can be found, together with the 
    company's security announcement. 
    Further information about the Squid Web proxy can be found here [2]. 
    [1] http://www.suse.de/de/support/security/2002_025_squid_txt.html
    [2] http://www.squid-cache.org/
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Jul 11 2002 - 06:43:32 PDT