|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: InfoSec News (isn_at_c4i.org)
Date: Thu Jul 11 2002 - 06:01:46 CDT
http://www.nwfusion.com/news/2002/0710susealert.html
By John Blau
IDG News Service, 07/10/02
SuSE Linux AG Tuesday announced it has detected five security
vulnerabilities in the version of the Squid Web cache software
included in its Linux distribution.
Squid is a high-performance proxy cache server software for Web
clients, supporting FTP, gopher and HTTP data objects. Unlike
traditional caching software, Squid handles all requests in a single,
nonblocking, I/O-driven process.
The severity of the errors in the package ranges from harmless to
critical, according to SuSE in Nürnberg, Germany. The company points
to vulnerabilities in gopher clients and the FTP directory parsing
code, which could "remotely execute code introduced by attackers."
"Every open source vendor with Squid software, which is the most
widely used cache proxy package, is affected," said Roman Drahtmüller,
director of SuSE's security team.
SuSE has released patches [1], which can be found, together with the
company's security announcement.
Further information about the Squid Web proxy can be found here [2].
[1] http://www.suse.de/de/support/security/2002_025_squid_txt.html
[2] http://www.squid-cache.org/
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo
attrition.org with 'unsubscribe isn'
in the BODY of the mail.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]