Fedora Core 3 : squid-2.5.STABLE9-1.FC3.6 (2005-373)

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora Core host is missing a security update.

Description :

- Mon May 16 2005 Jay Fenlason <fenlason at redhat.com>
7:2.5.STABLE9-1.FC3.6

- More upstream patches, including ones for bz#157456
CVE-2005-1519 DNS lookups unreliable on untrusted
networks bz#156162 CVE-1999-0710 cachemgr.cgi access
control bypass

- The following bugs had already been fixed, but the
announcements were lost bz#156711 CVE-2005-1390 HTTP
Request Smuggling Vulnerabilities bz#156703
CVE-2005-1389 HTTP Response Splitting Vulnerabilities
(Both fixed by squid-7:2.5.STABLE8-1.FC3.1) bz#151419
Unexpected access control results on configuration
errors (Fixed by 7:2.5.STABLE9-1.FC3.2)
bz#152647#squid-2.5.STABLE9-1.FC3.4.x86_64.rpm is broken
(fixed by 7:2.5.STABLE9-1.FC3.5) bz#141938 squid ldap
authentification broken (Fixed by 7:2.5.STABLE7-1.FC3)

- Fri Apr 1 2005 Jay Fenlason <fenlason at redhat.com>
7:2.5.STABLE9-1.FC3.5

- More upstream patches, including a new version of the
-2GB patch that doesn't break diskd.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?08f99907

Solution :

Update the affected squid and / or squid-debuginfo packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Fedora Local Security Checks

Nessus Plugin ID: 18337 (fedora_2005-373.nasl)

Bugtraq ID:

CVE ID: CVE-1999-0710
CVE-2005-0174
CVE-2005-0175
CVE-2005-1519

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now