An updated squid package that fixes a security vulnerability in the NTLM
authentication helper is now available.
Squid is a full-featured Web proxy cache.
An out of bounds memory read bug was found within the NTLM authentication
helper routine. If Squid is configured to use the NTLM authentication
helper, a remote attacker could send a carefully crafted NTLM
authentication packet and cause Squid to crash. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0832
to this issue.
Note: The NTLM authentication helper is not enabled by default in Red Hat
Enterprise Linux 3. Red Hat Enterprise Linux 2.1 is not vulnerable to this
issue as it shipped with a version of Squid which did not contain the
vulnerable helper.
Users of Squid should update to this erratum package, which contains a
backported patch and is not vulnerable to this issue.
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
| Red Hat Desktop (v. 3) |
|
| SRPMS: |
squid-2.5.STABLE3-6.3E.1.src.rpm
File outdated by: RHSA-2008:0214 |
319a574d8ab2d7e1bfa454055f3f1933 |
| |
| IA-32: |
squid-2.5.STABLE3-6.3E.1.i386.rpm
File outdated by: RHSA-2008:0214 |
3b46288783aacdd9842d43f221201c44 |
| |
| x86_64: |
squid-2.5.STABLE3-6.3E.1.x86_64.rpm
File outdated by: RHSA-2008:0214 |
0c63d4747a0e6848cd69259b6e7648dd |
| |
| Red Hat Enterprise Linux AS (v. 3) |
|
| SRPMS: |
squid-2.5.STABLE3-6.3E.1.src.rpm
File outdated by: RHSA-2008:0214 |
319a574d8ab2d7e1bfa454055f3f1933 |
| |
| IA-32: |
squid-2.5.STABLE3-6.3E.1.i386.rpm
File outdated by: RHSA-2008:0214 |
3b46288783aacdd9842d43f221201c44 |
| |
| IA-64: |
squid-2.5.STABLE3-6.3E.1.ia64.rpm
File outdated by: RHSA-2008:0214 |
e92e66c250e34497a397c53c33ae1c2b |
| |
| PPC: |
squid-2.5.STABLE3-6.3E.1.ppc.rpm
File outdated by: RHSA-2008:0214 |
726578556b36bb263526841add7dd9a2 |
| |
| s390: |
squid-2.5.STABLE3-6.3E.1.s390.rpm
File outdated by: RHSA-2008:0214 |
ce1c585636cfe7843f9188f283533800 |
| |
| s390x: |
squid-2.5.STABLE3-6.3E.1.s390x.rpm
File outdated by: RHSA-2008:0214 |
cd974ecba26d90d98a145e9813221dfb |
| |
| x86_64: |
squid-2.5.STABLE3-6.3E.1.x86_64.rpm
File outdated by: RHSA-2008:0214 |
0c63d4747a0e6848cd69259b6e7648dd |
| |
| Red Hat Enterprise Linux ES (v. 3) |
|
| SRPMS: |
squid-2.5.STABLE3-6.3E.1.src.rpm
File outdated by: RHSA-2008:0214 |
319a574d8ab2d7e1bfa454055f3f1933 |
| |
| IA-32: |
squid-2.5.STABLE3-6.3E.1.i386.rpm
File outdated by: RHSA-2008:0214 |
3b46288783aacdd9842d43f221201c44 |
| |
| IA-64: |
squid-2.5.STABLE3-6.3E.1.ia64.rpm
File outdated by: RHSA-2008:0214 |
e92e66c250e34497a397c53c33ae1c2b |
| |
| x86_64: |
squid-2.5.STABLE3-6.3E.1.x86_64.rpm
File outdated by: RHSA-2008:0214 |
0c63d4747a0e6848cd69259b6e7648dd |
| |
| Red Hat Enterprise Linux WS (v. 3) |
|
| SRPMS: |
squid-2.5.STABLE3-6.3E.1.src.rpm
File outdated by: RHSA-2008:0214 |
319a574d8ab2d7e1bfa454055f3f1933 |
| |
| IA-32: |
squid-2.5.STABLE3-6.3E.1.i386.rpm
File outdated by: RHSA-2008:0214 |
3b46288783aacdd9842d43f221201c44 |
| |
| IA-64: |
squid-2.5.STABLE3-6.3E.1.ia64.rpm
File outdated by: RHSA-2008:0214 |
e92e66c250e34497a397c53c33ae1c2b |
| |
| x86_64: |
squid-2.5.STABLE3-6.3E.1.x86_64.rpm
File outdated by: RHSA-2008:0214 |
0c63d4747a0e6848cd69259b6e7648dd |
| |
(The unlinked packages above are only available from the Red Hat Network)
|
131750 - CAN-2004-0832 Certain malformed NTLMSSP packets could crash the NTLM helpers provided by Squid