Mandriva Linux Security Advisory : squid (MDVSA-2010:060)
Medium Nessus Plugin ID 45031
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been found and corrected in squid :
The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 through 3.0.STABLE23 allows remote attackers to cause a denial of service (crash) via crafted packets to the HTCP port, which triggers a NULL pointer dereference (CVE-2010-0639).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
The updated packages have been patched to correct this issue.
SolutionUpdate the affected squid and / or squid-cachemgr packages.