[UCI-Linux] [SECURITY] Fedora Core 2 Update: squid-2.5.STABLE5-4.fc2

Mike Iglesias IGLESIAS at uci.edu
Wed Oct 6 13:58:02 PDT 2004

Date: Wed, 6 Oct 2004 16:50:41 -0400
From: Jay Fenlason <fenlason at redhat.com>
To: fedora-announce-list at redhat.com
Subject: [SECURITY] Fedora Core 2 Update: squid-2.5.STABLE5-4.fc2

Fedora Update Notification

Product     : Fedora Core 2
Name        : squid
Version     : 2.5.STABLE5                      
Release     : 4.fc2                  
Summary     : The Squid proxy caching server.
Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.


This update fixes a potential DoS against squid that was reported by
Secunia.  See
for details.

* Fri Oct 1 2004 Jay Fenlason <fenlason at redhat.com> 7:2.5.STABLE3-4.fc2.1
- Modify the entry for /etc/squid.conf in this spec file to set the      
  permissions to 640 owned by root:squid.  This will protect passwords
  stored in the file from prying eyes, and close #125007
- Include the -proxy-abuse patch, which closes #133970

This update can be downloaded from:

b735863f8f52314d1ff9981c85ea56b2  SRPMS/squid-2.5.STABLE5-4.fc2.src.rpm
c8c1bc2cd95f892ce602e3e38e9e7823  x86_64/squid-2.5.STABLE5-4.fc2.x86_64.rpm
fcb5484591641424a956b23c97614963  x86_64/debug/squid-debuginfo-2.5.STABLE5-4.fc2.x86_64.rpm
4d80ef2db40a68a7ba2ecffdec9d3372  i386/squid-2.5.STABLE5-4.fc2.i386.rpm
779417acbbfe0e022bc1525d9faae339  i386/debug/squid-debuginfo-2.5.STABLE5-4.fc2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  

fedora-announce-list mailing list
fedora-announce-list at redhat.com

More information about the UCI-Linux mailing list