[UCI-Linux] [CORRECTED] [SECURITY] Fedora Core 2 Update: squid-2.5.STABLE5-4.fc2.1

Mike Iglesias IGLESIAS at uci.edu
Thu Oct 7 13:08:13 PDT 2004

Date: Thu, 7 Oct 2004 13:43:08 -0400
From: Jay Fenlason <fenlason at redhat.com>
To: fedora-announce-list at redhat.com
Subject: [CORRECTED] [SECURITY] Fedora Core 2 Update: squid-2.5.STABLE5-4.fc2.1

Because of a typeo, the original announcement referred to the
squid-2.5.STABLE5-4.fc2 rpms instead of the
squid-2.5.STABLE5-4.fc2.1 ones.  This corrected advisory lists the
correct rpms and MD5 sums.

Fedora Update Notification

Product     : Fedora Core 2
Name        : squid
Version     : 2.5.STABLE5                      
Release     : 4.fc2.1                  
Summary     : The Squid proxy caching server.
Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.


This update fixes a potential DoS against squid that was reported by
Secunia.  See                                                       
for details.

* Fri Oct 01 2004 Jay Fenlason <fenlason at redhat.com> 7:2.5.STABLE3-4.fc2.1

- Modify the entry for /etc/squid.conf in this spec file to set the
  permissions to 640 owned by root:squid.  This will protect passwords
  stored in the file from prying eyes, and close #125007
- Include the -proxy-abuse patch, which closes #133970

This update can be downloaded from:

7419c4a407998180020030c89f44fc87  SRPMS/squid-2.5.STABLE5-4.fc2.1.src.rpm
e2a0f29bbdbe44cff75f0ba644a7fbba  x86_64/squid-2.5.STABLE5-4.fc2.1.x86_64.rpm
4cb91edbca411b00aef3008920ae9714  x86_64/debug/squid-debuginfo-2.5.STABLE5-4.fc2.1.x86_64.rpm
730574b7d98c1c77b33529591989f191  i386/squid-2.5.STABLE5-4.fc2.1.i386.rpm
a7a7f22361580f62f166ace5b5bc3316  i386/debug/squid-debuginfo-2.5.STABLE5-4.fc2.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  

fedora-announce-list mailing list
fedora-announce-list at redhat.com

More information about the UCI-Linux mailing list