Fedora 11 : squidGuard-1.4-8.fc11 (2009-10780)
Medium Nessus Plugin ID 42379
SynopsisThe remote Fedora host is missing a security update.
DescriptionFixes language file issue, but more importantly. . . --------------- squidGuard upstream has released patches fixing (quoting from upstream advisories): a, This patch fixes one buffer overflow problem in sgLog.c when overlong URLs are requested. SquidGuard will then go into emergency mode were no blocking occurs. This is not required in this situation. URL:
---- b, This patch fixes two bypass problems with URLs which length is close to the limit defined by MAX_BUF (default: 4096) in squidGuard and MAX_URL (default: 4096 in squid 2.x and 8192 in squid 3.x) in squid. For this kind of URLs the proxy request exceeds MAX_BUF causing squidGuard to complain about not being able to parse the squid request. URL:
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected squidGuard package.