Mandriva Linux Security Advisory : squid (MDVSA-2013:129)
Medium Nessus Plugin ID 66141
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated squid packages fix security vulnerability :
Due to missing input validation, the Squid cachemgr.cgi tool in Squid before 3.1.22 and 3.2.4 is vulnerable to a denial of service attack when processing specially crafted requests (CVE-2012-5643).
It was discovered that the patch for CVE-2012-5643 was incorrect. A remote attacker could exploit this flaw to perform a denial of service attack (CVE-2013-0189).
SolutionUpdate the affected squid and / or squid-cachemgr packages.