-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:150 http://www.mandriva.com/security/ _______________________________________________________________________ Package : squid Date : October 15, 2011 Affected: 2009.0, 2010.1, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been discovered and corrected in squid: Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression (CVE-2011-3205). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3208 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: 4aec20d8fd59b7aceb7a6a9274b287db 2009.0/i586/squid-3.0-22.5mdv2009.0.i586.rpm d22e9f4dc350a0a9eb21d37874b5e3b1 2009.0/i586/squid-cachemgr-3.0-22.5mdv2009.0.i586.rpm 75fc6a45c746b00119e613cbf4392942 2009.0/SRPMS/squid-3.0-22.5mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 30243c9f54b656394b8b7ddbe7cd4791 2009.0/x86_64/squid-3.0-22.5mdv2009.0.x86_64.rpm c0dc39d1e176109cac25e3c60bb0ad58 2009.0/x86_64/squid-cachemgr-3.0-22.5mdv2009.0.x86_64.rpm 75fc6a45c746b00119e613cbf4392942 2009.0/SRPMS/squid-3.0-22.5mdv2009.0.src.rpm Mandriva Linux 2010.1: 0da32480f47832e3751e0d06acf630ce 2010.1/i586/squid-3.1-14.2mdv2010.2.i586.rpm 227cb00c733ebfa5338a74d76a698865 2010.1/i586/squid-cachemgr-3.1-14.2mdv2010.2.i586.rpm dd1dee3113db5cd60bb3343ebfd216ab 2010.1/SRPMS/squid-3.1-14.2mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: ae236c628eea53d0165adf3f855fd8b0 2010.1/x86_64/squid-3.1-14.2mdv2010.2.x86_64.rpm 89db57aa2a0146d85792b642dd17f05d 2010.1/x86_64/squid-cachemgr-3.1-14.2mdv2010.2.x86_64.rpm dd1dee3113db5cd60bb3343ebfd216ab 2010.1/SRPMS/squid-3.1-14.2mdv2010.2.src.rpm Mandriva Enterprise Server 5: eb2bfc4a261922c5fc51b031db1b1008 mes5/i586/squid-3.0-22.5mdvmes5.2.i586.rpm 270afc45addd597391ba0bda571d25d9 mes5/i586/squid-cachemgr-3.0-22.5mdvmes5.2.i586.rpm 6595af1c5f21be921f9b3c85dc70ed98 mes5/SRPMS/squid-3.0-22.5mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 8eac48174ec86a8f4fd57b63c9df9458 mes5/x86_64/squid-3.0-22.5mdvmes5.2.x86_64.rpm a9119fac6d475928d95eb3baef99f908 mes5/x86_64/squid-cachemgr-3.0-22.5mdvmes5.2.x86_64.rpm 6595af1c5f21be921f9b3c85dc70ed98 mes5/SRPMS/squid-3.0-22.5mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFOmat0mqjQ0CJFipgRAknuAKDzQPTFe/ZTwqdmpFH/8GxtQ/NCIgCcDgyA kGmLpDAe1wkpduRLDzeROxY= =rAvw -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/