RHBA-2015:1314 - Bug Fix Advisory

Topic

Updated squid packages that fix several bugs and add various enhancements are
now available for Red Hat Enterprise Linux 6.

Description

Squid is a high-performance proxy caching server for web clients, supporting
FTP, Gopher, and HTTP data objects.

The squid packages have been upgraded to upstream version 3.1.23, which provides
a number of bug fixes and enhancements over the previous version. Among others,
this update adds support for the HTTP/1.1 POST and PUT responses with no message
body to squid. (BZ#999305)

This update also fixes the following bugs:

• During the testing phase, it was discovered that restarting squid caused all

files on the system to be deleted. Red Hat has fixed the bug before it could
affect any users of squid. As a result, restarting squid does not cause any
files on the system to be deleted. This bug was never released neither as part
of Red Hat Enterprise Linux, nor as part of any upstream version of the squid
packages. For more information about the bug, see the Knowledgebase Solution
linked to in the References section. (BZ#1202858)

• Prior to this update, it was possible to start a new instance of squid while a

previous instance was still running. Consequently, the previous instance of
squid was running simultaneously with the new instance. This update modifies the
squid init script to verify that squid has been terminated before starting a new
instance. As a result, the squid init script fails with an error when a new
instance is initiated in this scenario, allowing the administrator to properly
handle the situation. (BZ#1102343)

• Under high system load, the squid process sometimes terminated unexpectedly

with a segmentation fault during reboot. This update provides better memory
handling during reboot, thus fixing this bug. (BZ#1112842)

• Previously, squid sometimes returned an incorrect tag from the Access Control

List (ACL) code when using an external ACL. The bug has been fixed, and squid no
longer returns the incorrect ACL tag in this situation. (BZ#1114714)

• Prior to this update, squid in some cases terminated unexpectedly with the

following error message:

xstrdup: tried to dup a NULL pointer!

This update fixes the incorrect error handling that caused this problem. As a
result, the described error no longer causes squid to crash. (BZ#1149588)

• Previously, certain monitoring utilities could not load the Management

Information Base (MIB) modules. The obsolete MIB file causing this problem has
been updated, and the MIB modules can now be loaded as expected. (BZ#1162115)

• Previously, it was not possible to log host names. With this update, squid no

longer sends malformed DNS PTR queries, and as a result, host names are logged
as expected. (BZ#1165618)

• Prior to this update, squid terminated unexpectedly when it encountered a

certain assertion in the squid code. The assertion has been replaced with proper
error handling, and squid now handles the described situation gracefully.
(BZ#1171967)

• Previously, squid exceeded the limit of maximum locks set to 65,535 under

certain circumstances. Consequently, squid terminated unexpectedly. This update
significantly increases the lock limit. The new limit is sufficient to prevent
squid from exceeding the maximum limit of locks in usual situations.
(BZ#1177413)

In addition, this update adds the following enhancement:

• The squid packages are now built with the "--enable-http-violations" option

and allow the user to hide or rewrite HTTP headers. (BZ#1171947)

Users of squid are advised to upgrade to these updated packages, which fix these
bugs and add these enhancements. After installing this update, the squid service
will be restarted automatically.

Solution

Before applying this update, make sure all previously released errata relevant
to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6 s390x

Fixes

• BZ - 1102343 - service squid restart sometimes leaves duplicate processes
• BZ - 1114714 - When squid returns an ACL tag utilizing an external ACL, sometimes the incorrect tag is used for redirection.
• BZ - 1149588 - (squid): xstrdup: tried to dup a NULL pointer!
• BZ - 1165618 - Malformed ipv6 DNS reverse lookup
• BZ - 1171947 - RFE: Squid - add '--enable-http-violations' configure option
• BZ - 1202858 - [UNRELEASED] restarting testing build of squid results in deleting all files in hard-drive

CVEs

(none)

References

• https://access.redhat.com/solutions/1391523