Security Advisory Moderate: squid security update

Advisory: RHSA-2008:0214-3
Type: Security Advisory
Severity: Moderate
Issued on: 2008-04-08
Last updated on: 2008-04-08
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: com.redhat.rhsa-20080214.xml
CVEs (cve.mitre.org): CVE-2008-1612

Details

Updated squid packages that fix a security issue are now available for Red
Hat Enterprise Linux 2.1, 3, 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects.

A flaw was found in the way squid manipulated HTTP headers for cached
objects stored in system memory. An attacker could use this flaw to cause a
squid child process to exit. This interrupted existing connections and made
proxy services unavailable. Note: the parent squid process started a new
child process, so this attack only resulted in a temporary denial of
service. (CVE-2008-1612)

Users of squid are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
squid-2.6.STABLE6-5.el5_1.3.src.rpm     bf96e790ba507f1aecbdfe23e81d4d74
 
IA-32:
squid-2.6.STABLE6-5.el5_1.3.i386.rpm     f78ade43630f91f32e82b7de9569d9f2
 
x86_64:
squid-2.6.STABLE6-5.el5_1.3.x86_64.rpm     14c3edc7d1d633f9ef053f3e3aa761e5
 
Red Hat Desktop (v. 3)
SRPMS:
squid-2.5.STABLE3-9.3E.src.rpm     2ff42eacd9bcc2b234c3071106468908
 
IA-32:
squid-2.5.STABLE3-9.3E.i386.rpm     0b3acee75fd7f55a4845c6398d4b3e1e
 
x86_64:
squid-2.5.STABLE3-9.3E.x86_64.rpm     6110789319deb8b3d19ccb19262f7185
 
Red Hat Desktop (v. 4)
SRPMS:
squid-2.5.STABLE14-1.4E.el4_6.2.src.rpm
File outdated by:  RHBA-2008:0230		     fd0d98ef185697d96e6ac63d1b7da0e6
 
IA-32:
squid-2.5.STABLE14-1.4E.el4_6.2.i386.rpm
File outdated by:  RHBA-2008:0230		     90bc1a58d58da0968e6e987ea9beb8db
 
x86_64:
squid-2.5.STABLE14-1.4E.el4_6.2.x86_64.rpm
File outdated by:  RHBA-2008:0230		     9590a424849e3075d5b18d5f58b1f497
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
squid-2.6.STABLE6-5.el5_1.3.src.rpm     bf96e790ba507f1aecbdfe23e81d4d74
 
IA-32:
squid-2.6.STABLE6-5.el5_1.3.i386.rpm     f78ade43630f91f32e82b7de9569d9f2
 
IA-64:
squid-2.6.STABLE6-5.el5_1.3.ia64.rpm     a24f2d466270518a2e17cf0ae2683c67
 
PPC:
squid-2.6.STABLE6-5.el5_1.3.ppc.rpm     06f62691aa6fb148d98a1ff9e8a9975a
 
s390x:
squid-2.6.STABLE6-5.el5_1.3.s390x.rpm     c2ac49b5932f623781a584dd1f6c8b86
 
x86_64:
squid-2.6.STABLE6-5.el5_1.3.x86_64.rpm     14c3edc7d1d633f9ef053f3e3aa761e5
 
Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
squid-2.4.STABLE7-1.21as.12.src.rpm     0728c90364cb13ea1d799f9d6cd4c0c3
 
IA-32:
squid-2.4.STABLE7-1.21as.12.i386.rpm     7f9788efe98295e121cb637f1e083a84
 
IA-64:
squid-2.4.STABLE7-1.21as.12.ia64.rpm     7bda4a709ebf8e9e47e2c99130a7c21e
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
squid-2.5.STABLE3-9.3E.src.rpm     2ff42eacd9bcc2b234c3071106468908
 
IA-32:
squid-2.5.STABLE3-9.3E.i386.rpm     0b3acee75fd7f55a4845c6398d4b3e1e
 
IA-64:
squid-2.5.STABLE3-9.3E.ia64.rpm     454094e5092ad8ac1c2602e4b4b10f4c
 
PPC:
squid-2.5.STABLE3-9.3E.ppc.rpm     840118f9107205c82b8d5687d4747773
 
s390:
squid-2.5.STABLE3-9.3E.s390.rpm     40081713439d4d45228c944824b726b0
 
s390x:
squid-2.5.STABLE3-9.3E.s390x.rpm     a5eead1e9b49862976e0c71797c015e9
 
x86_64:
squid-2.5.STABLE3-9.3E.x86_64.rpm     6110789319deb8b3d19ccb19262f7185
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
squid-2.5.STABLE14-1.4E.el4_6.2.src.rpm
File outdated by:  RHBA-2008:0230		     fd0d98ef185697d96e6ac63d1b7da0e6
 
IA-32:
squid-2.5.STABLE14-1.4E.el4_6.2.i386.rpm
File outdated by:  RHBA-2008:0230		     90bc1a58d58da0968e6e987ea9beb8db
 
IA-64:
squid-2.5.STABLE14-1.4E.el4_6.2.ia64.rpm
File outdated by:  RHBA-2008:0230		     a8823d56cfe119daafaf8709ca401e42
 
PPC:
squid-2.5.STABLE14-1.4E.el4_6.2.ppc.rpm
File outdated by:  RHBA-2008:0230		     4e342689c1d824b31e5aff280e5deecf
 
s390:
squid-2.5.STABLE14-1.4E.el4_6.2.s390.rpm
File outdated by:  RHBA-2008:0230		     88c281776c850aeb5cee14df1455ca10
 
s390x:
squid-2.5.STABLE14-1.4E.el4_6.2.s390x.rpm
File outdated by:  RHBA-2008:0230		     6c775fd631a4a0d241d2c94bae2d444c
 
x86_64:
squid-2.5.STABLE14-1.4E.el4_6.2.x86_64.rpm
File outdated by:  RHBA-2008:0230		     9590a424849e3075d5b18d5f58b1f497
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
squid-2.4.STABLE7-1.21as.12.src.rpm     0728c90364cb13ea1d799f9d6cd4c0c3
 
IA-32:
squid-2.4.STABLE7-1.21as.12.i386.rpm     7f9788efe98295e121cb637f1e083a84
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
squid-2.5.STABLE3-9.3E.src.rpm     2ff42eacd9bcc2b234c3071106468908
 
IA-32:
squid-2.5.STABLE3-9.3E.i386.rpm     0b3acee75fd7f55a4845c6398d4b3e1e
 
IA-64:
squid-2.5.STABLE3-9.3E.ia64.rpm     454094e5092ad8ac1c2602e4b4b10f4c
 
x86_64:
squid-2.5.STABLE3-9.3E.x86_64.rpm     6110789319deb8b3d19ccb19262f7185
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
squid-2.5.STABLE14-1.4E.el4_6.2.src.rpm
File outdated by:  RHBA-2008:0230		     fd0d98ef185697d96e6ac63d1b7da0e6
 
IA-32:
squid-2.5.STABLE14-1.4E.el4_6.2.i386.rpm
File outdated by:  RHBA-2008:0230		     90bc1a58d58da0968e6e987ea9beb8db
 
IA-64:
squid-2.5.STABLE14-1.4E.el4_6.2.ia64.rpm
File outdated by:  RHBA-2008:0230		     a8823d56cfe119daafaf8709ca401e42
 
x86_64:
squid-2.5.STABLE14-1.4E.el4_6.2.x86_64.rpm
File outdated by:  RHBA-2008:0230		     9590a424849e3075d5b18d5f58b1f497
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
squid-2.5.STABLE3-9.3E.src.rpm     2ff42eacd9bcc2b234c3071106468908
 
IA-32:
squid-2.5.STABLE3-9.3E.i386.rpm     0b3acee75fd7f55a4845c6398d4b3e1e
 
IA-64:
squid-2.5.STABLE3-9.3E.ia64.rpm     454094e5092ad8ac1c2602e4b4b10f4c
 
x86_64:
squid-2.5.STABLE3-9.3E.x86_64.rpm     6110789319deb8b3d19ccb19262f7185
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
squid-2.5.STABLE14-1.4E.el4_6.2.src.rpm
File outdated by:  RHBA-2008:0230		     fd0d98ef185697d96e6ac63d1b7da0e6
 
IA-32:
squid-2.5.STABLE14-1.4E.el4_6.2.i386.rpm
File outdated by:  RHBA-2008:0230		     90bc1a58d58da0968e6e987ea9beb8db
 
IA-64:
squid-2.5.STABLE14-1.4E.el4_6.2.ia64.rpm
File outdated by:  RHBA-2008:0230		     a8823d56cfe119daafaf8709ca401e42
 
x86_64:
squid-2.5.STABLE14-1.4E.el4_6.2.x86_64.rpm
File outdated by:  RHBA-2008:0230		     9590a424849e3075d5b18d5f58b1f497
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
squid-2.4.STABLE7-1.21as.12.src.rpm     0728c90364cb13ea1d799f9d6cd4c0c3
 
IA-64:
squid-2.4.STABLE7-1.21as.12.ia64.rpm     7bda4a709ebf8e9e47e2c99130a7c21e
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

439801 - CVE-2008-1612 squid: regression in SQUID-2007:2 / CVE-2007-6239


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1612
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/