Fedora 10 : squidGuard-1.4-8.fc10 (2009-10743)

Medium Nessus Plugin ID 42378


The remote Fedora host is missing a security update.


Fixes language file issue, but more importantly...

squidGuard upstream has released patches fixing (quoting from upstream advisories):

a, This patch fixes one buffer overflow problem in sgLog.c when overlong URLs are requested. SquidGuard will then go into emergency mode where no blocking occurs. This is not required in this situation. URL:

b, This patch fixes two bypass problems with URLs whose length is close to the limit defined by MAX_BUF (default: 4096) in squidGuard and MAX_URL (default: 4096 in squid 2.x and 8192 in squid 3.x) in squid. For this kind of URL the proxy request exceeds MAX_BUF, causing squidGuard to complain about not being able to parse the squid request. URL:

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected squidGuard package.

Plugin Details

Severity: Medium

ID: 42378

File Name: fedora_2009-10743.nasl

Version: $Revision: 1.13 $

Type: local

Agent: unix

Published: 2009/11/05

Modified: 2016/05/05

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.4

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:squidGuard, cpe:/o:fedoraproject:fedora:10

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/10/27

Reference Information

BID: 36800

FEDORA: 2009-10743

Secunia: 37107