Gentoo Security Advisory GLSA 200502-04 (squid) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200502-04.

Solution

All Squid users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-proxy/squid-2.5.7-r5' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200502-04 http://bugs.gentoo.org/show_bug.cgi?id=79495 http://bugs.gentoo.org/show_bug.cgi?id=78776 http://bugs.gentoo.org/show_bug.cgi?id=80201 http://bugs.gentoo.org/show_bug.cgi?id=80341

Insight

Squid contains vulnerabilities in the code handling WCCP, HTTP and LDAP which could lead to Denial of Service, access control bypass, web cache and log poisoning.

Severity

Classification

CVE CVE-2005-0173, CVE-2005-0174, CVE-2005-0175, CVE-2005-0211

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200311-08 (Libnids)
Gentoo Security Advisory GLSA 200406-06 (CVS)
Gentoo Security Advisory GLSA 200404-05 (ipsec-tools)
Gentoo Security Advisory GLSA 200406-21 (mit-krb5)
Gentoo Security Advisory GLSA 200402-02 (200402-02)

Take action and discover your vulnerabilities