-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:068 http://www.mandriva.com/security/ _______________________________________________________________________ Package : squid Date : March 22, 2007 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: Due to an internal error Squid-2.6 is vulnerable to a denial of service attack when processing the TRACE request method. This problem allows any client trusted to use the service to perform a denial of service attack on the Squid service. Updated packages have been patched to address this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1560 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: e56b626c99d9fde6e6ce2e3229365507 2006.0/i586/squid-2.5.STABLE10-10.4.20060mdk.i586.rpm fe14ce71483e6d00471a9b157f1394ad 2006.0/i586/squid-cachemgr-2.5.STABLE10-10.4.20060mdk.i586.rpm e3dca65061ce799f0a14843ff6c9494e 2006.0/SRPMS/squid-2.5.STABLE10-10.4.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 76f9515ef619dfef179bcd89195fe922 2006.0/x86_64/squid-2.5.STABLE10-10.4.20060mdk.x86_64.rpm 2ef40237eb928e6c93c769b5a89e9436 2006.0/x86_64/squid-cachemgr-2.5.STABLE10-10.4.20060mdk.x86_64.rpm e3dca65061ce799f0a14843ff6c9494e 2006.0/SRPMS/squid-2.5.STABLE10-10.4.20060mdk.src.rpm Mandriva Linux 2007.0: 054f7d10fda6b956f9dc3631dfc6d4b0 2007.0/i586/squid-2.6.STABLE1-4.3mdv2007.0.i586.rpm cff3225c30326efd3b60d22a0834556a 2007.0/i586/squid-cachemgr-2.6.STABLE1-4.3mdv2007.0.i586.rpm 39da38403992ae890878163921074e66 2007.0/SRPMS/squid-2.6.STABLE1-4.3mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 5eefe7e1c4c3220e38d7832690cb323d 2007.0/x86_64/squid-2.6.STABLE1-4.3mdv2007.0.x86_64.rpm 6b0627995c722c40a0159979553a89ff 2007.0/x86_64/squid-cachemgr-2.6.STABLE1-4.3mdv2007.0.x86_64.rpm 39da38403992ae890878163921074e66 2007.0/SRPMS/squid-2.6.STABLE1-4.3mdv2007.0.src.rpm Corporate 3.0: a986e19d7ba9623b4dda97a6bba72f79 corporate/3.0/i586/squid-2.5.STABLE9-1.7.C30mdk.i586.rpm c19c9d0a546f9a49760ef0fdff1c3b20 corporate/3.0/SRPMS/squid-2.5.STABLE9-1.7.C30mdk.src.rpm Corporate 3.0/X86_64: d7f677e1f272e638ee960755459b1ded corporate/3.0/x86_64/squid-2.5.STABLE9-1.7.C30mdk.x86_64.rpm c19c9d0a546f9a49760ef0fdff1c3b20 corporate/3.0/SRPMS/squid-2.5.STABLE9-1.7.C30mdk.src.rpm Corporate 4.0: 6ab68dde26eb1474b501e657dffa8559 corporate/4.0/i586/squid-2.6.STABLE1-4.3.20060mlcs4.i586.rpm 9bdf42003bc25b658a0a1f068161e88a corporate/4.0/i586/squid-cachemgr-2.6.STABLE1-4.3.20060mlcs4.i586.rpm 37dc55633b7cf98ac69109074bf19eb9 corporate/4.0/SRPMS/squid-2.6.STABLE1-4.3.20060mlcs4.src.rpm Corporate 4.0/X86_64: 0e5bb0f771ab24c33cd83df0b5ce6925 corporate/4.0/x86_64/squid-2.6.STABLE1-4.3.20060mlcs4.x86_64.rpm 318eefc20e4b2e90f297edd4e0d3b9b4 corporate/4.0/x86_64/squid-cachemgr-2.6.STABLE1-4.3.20060mlcs4.x86_64.rpm 37dc55633b7cf98ac69109074bf19eb9 corporate/4.0/SRPMS/squid-2.6.STABLE1-4.3.20060mlcs4.src.rpm Multi Network Firewall 2.0: 0eb2b836cb6c6f04b7bdf588a82de958 mnf/2.0/i586/squid-2.5.STABLE9-1.7.M20mdk.i586.rpm bd364264eb1262e255b796714cbe2f58 mnf/2.0/SRPMS/squid-2.5.STABLE9-1.7.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGAsammqjQ0CJFipgRAgWnAJsE+IF5RHjBEyO6xZX290rMpkF8swCg4vOF XbU1oT9mGL+HAUUT/KlBxDQ= =9mdl -----END PGP SIGNATURE-----