Mandrake Linux Security Advisory : squid (MDKSA-2005:014)
Medium Nessus Plugin ID 16242
SynopsisThe remote Mandrake Linux host is missing a security update.
Description'infamous41md' discovered two vulnerabilities in the squid proxy cache server. The first is a buffer overflow in the Gopher response parser which leads to memory corruption and would usually crash squid (CVE-2005-0094). The second is an integer overflow in the receiver of WCCP (Web Cache Communication Protocol) messages. An attacker could send a specially crafted UDP datagram that would cause squid to crash (CVE-2005-0095).
The updated packages have been patched to prevent these problems.
SolutionUpdate the affected squid package.