Mandrake Linux Security Advisory : squid (MDKSA-2002:044)
High Nessus Plugin ID 13947
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionNumerous security problems were fixed in squid-2.4.STABLE7. This releases has several bugfixes to the Gopher client to correct some security issues. Security fixes to how squid parses FTP directory listings into HTML have been implemented. A security fix to how squid forwards proxy authentication credentials has been applied, as well as the MSNT auth helper has been updated to fix buffer overflows in the helper. Finally, FTP data channels are now sanity checked to match the address of the requested FTP server, which prevents injection of data or theft.
SolutionUpdate the affected squid package.