Mandrake Linux Security Advisory : squid (MDKSA-2007:026)
Medium Nessus Plugin ID 24640
Synopsis
The remote Mandrake Linux host is missing one or more security updates.
Description
A vulnerability in squid was discovered that could be remotely exploited by using a special ftp:// URL (CVE-2007-0247).
Another Denial of Service vulnerability was discovered in squid 2.6 that allows remote attackers to crash the server by causing an external_acl_queue overload (CVE-2007-0248).
Additionally, a bug in squid 2.6 for max_user_ip handling in ntlm_auth has been corrected.
The updated packages have been patched to correct these problems.
Solution
Update the affected squid and / or squid-cachemgr packages.