Gentoo Security Advisory GLSA 200501-25 (squid) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200501-25.

Solution

All Squid users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-proxy/squid-2.5.7-r2' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200501-25 http://bugs.gentoo.org/show_bug.cgi?id=77934 http://bugs.gentoo.org/show_bug.cgi?id=77521 http://secunia.com/advisories/13825/ http://secunia.com/advisories/13789/

Insight

Squid contains vulnerabilities in the the code handling NTLM (NT Lan Manager), Gopher to HTML, ACLs and WCCP (Web Cache Communication Protocol) which could lead to ACL bypass, denial of service and arbitrary code execution.

Severity

Classification

CVE CVE-2005-0094, CVE-2005-0095, CVE-2005-0096, CVE-2005-0097, CVE-2005-0194
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Gentoo Security Advisory GLSA 200408-21 (cacti)
Gentoo Security Advisory GLSA 200404-16 (monit)
Gentoo Security Advisory GLSA 200406-09 (net-www/horde-chora)
Gentoo Security Advisory GLSA 200408-12 (gaim)
Gentoo Security Advisory GLSA 200409-12 (imagemagick imlib)

Take action and discover your vulnerabilities