Package: squid Version: 2.6.5-3 Severity: important Tags: security Two vulnerabilities have been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error in the handling of certain FTP URL requests can be exploited to crash Squid by visiting a specially crafted FTP URL via the proxy. 2) An error in the external_acl queue can cause Squid to crash when it is under high load conditions. The vulnerabilities are reported in version 2.6. Other versions may also be affected.
Solution: Update to version 2.6.STABLE7. Reference: http://secunia.com/advisories/23767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0248 Note: Please mention the CVE id in the changelog. -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-3-486 Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8) regards, -- .''`. : :' : Alex de Oliveira Silva | enerv `. `' www.enerv.net `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
