Mandrake Linux Security Advisory : squid (MDKSA-2004:112)
Medium Nessus Plugin ID 15547
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptioniDEFENSE discovered a Denial of Service vulnerability in squid version 2.5.STABLE6 and previous. The problem is due to an ASN1 parsing error where certain header length combinations can slip through the validations performed by the ASN1 parser, leading to the server assuming there is heap corruption or some other exceptional condition, and closing all current connections then restarting.
Squid 2.5.STABLE7 has been released to address this issue; the provided packages are patched to fix the issue.
SolutionUpdate the affected squid package.