Fedora Local Security Checks : Fedora Core 2 FEDORA-2004-164 (squid)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.50374

Category: Fedora Local Security Checks

Title: Fedora Core 2 FEDORA-2004-164 (squid)

Summary: NOSUMMARY

Description: Description:

The remote host is missing an update to squid
announced via advisory FEDORA-2004-164.

Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.

* Mon Jun 07 2004 Jay Fenlason 7:2.5.STABLE3-4.fc2

- Backport security fix for ntlm auth helper (CVE-2004-0541).

* Thu Apr 08 2004 Jay Fenlason 7:2.5.STABLE5-3

- Fix the -pipe patch to have the correct name of the winbind pipe.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

b735863f8f52314d1ff9981c85ea56b2 SRPMS/squid-2.5.STABLE5-4.fc2.src.rpm
4d80ef2db40a68a7ba2ecffdec9d3372 i386/squid-2.5.STABLE5-4.fc2.i386.rpm
779417acbbfe0e022bc1525d9faae339 i386/debug/squid-debuginfo-2.5.STABLE5-4.fc2.i386.rpm
c8c1bc2cd95f892ce602e3e38e9e7823 x86_64/squid-2.5.STABLE5-4.fc2.x86_64.rpm
fcb5484591641424a956b23c97614963 x86_64/debug/squid-debuginfo-2.5.STABLE5-4.fc2.x86_64.rpm

This update can also be installed with the Update Agent
you can
launch the Update Agent with the 'up2date' command.

Solution: Apply the appropriate updates.
http://www.fedoranews.org/updates/FEDORA-2004-164.shtml

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: BugTraq ID: 10500
Common Vulnerability Exposure (CVE) ID: CVE-2004-0541
http://www.securityfocus.com/bid/10500
http://fedoranews.org/updates/FEDORA--.shtml
http://www.gentoo.org/security/en/glsa/glsa-200406-13.xml
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:059
http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10722
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A980
http://www.redhat.com/support/errata/RHSA-2004-242.html
SGI Security Advisory: 20040604-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
SuSE Security Announcement: SuSE-SA:2004:016 (Google Search)
http://www.trustix.net/errata/2004/0033/
XForce ISS Database: squid-ntlm-bo(16360)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16360

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.50374
Category:	Fedora Local Security Checks
Title:	Fedora Core 2 FEDORA-2004-164 (squid)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to squid announced via advisory FEDORA-2004-164. Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. * Mon Jun 07 2004 Jay Fenlason 7:2.5.STABLE3-4.fc2 - Backport security fix for ntlm auth helper (CVE-2004-0541). * Thu Apr 08 2004 Jay Fenlason 7:2.5.STABLE5-3 - Fix the -pipe patch to have the correct name of the winbind pipe. This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ b735863f8f52314d1ff9981c85ea56b2 SRPMS/squid-2.5.STABLE5-4.fc2.src.rpm 4d80ef2db40a68a7ba2ecffdec9d3372 i386/squid-2.5.STABLE5-4.fc2.i386.rpm 779417acbbfe0e022bc1525d9faae339 i386/debug/squid-debuginfo-2.5.STABLE5-4.fc2.i386.rpm c8c1bc2cd95f892ce602e3e38e9e7823 x86_64/squid-2.5.STABLE5-4.fc2.x86_64.rpm fcb5484591641424a956b23c97614963 x86_64/debug/squid-debuginfo-2.5.STABLE5-4.fc2.x86_64.rpm This update can also be installed with the Update Agent you can launch the Update Agent with the 'up2date' command. Solution: Apply the appropriate updates. http://www.fedoranews.org/updates/FEDORA-2004-164.shtml Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	BugTraq ID: 10500 Common Vulnerability Exposure (CVE) ID: CVE-2004-0541 http://www.securityfocus.com/bid/10500 http://fedoranews.org/updates/FEDORA--.shtml http://www.gentoo.org/security/en/glsa/glsa-200406-13.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:059 http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10722 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A980 http://www.redhat.com/support/errata/RHSA-2004-242.html SGI Security Advisory: 20040604-01-U ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc SuSE Security Announcement: SuSE-SA:2004:016 (Google Search) http://www.trustix.net/errata/2004/0033/ XForce ISS Database: squid-ntlm-bo(16360) https://exchange.xforce.ibmcloud.com/vulnerabilities/16360
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com