Mandriva Linux Security Advisory : squid (MDVSA-2009:161-1)
Medium Nessus Plugin ID 40399
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities has been found and corrected in squid :
Due to incorrect buffer limits and related bound checks Squid is vulnerable to a denial of service attack when processing specially crafted requests or responses (CVE-2009-2621).
Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted responses (CVE-2009-2622).
This update provides fixes for these vulnerabilities.
Additional upstream security patches were applied :
Debug warnings fills up the logs.
Upstream Bug 2728: regression: assertion failed: http.cc:705: !eof
SolutionUpdate the affected squid and / or squid-cachemgr packages.