squid-3.1.10-20.AXS4.3

エラータID: AXSA:2014-373:02

Release date: 
Thursday, June 5, 2014 - 18:32
Subject: 
squid-3.1.10-20.AXS4.3
Affected Channels: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
High
Description: 

Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.

Security issues fixed with this release:

• CVE-2014-0128
Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.

Solution: 

Update packages.

CVEs: 
CVE-2014-0128
Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.


Additional Info: 

N/A

Download: 

SRPMS
  1. squid-3.1.10-20.AXS4.3.src.rpm
    MD5: a9de99d217cec301eec40deaf22597cb
    SHA-256: a11f205ad12a8cd762bc3dea0e25a70d5d8bb70732f74723c26e8ee717cdd257
    Size: 2.45 MB

Asianux Server 4 for x86
  1. squid-3.1.10-20.AXS4.3.i686.rpm
    MD5: 198ce92379cf67e7df0bd21b69e6e651
    SHA-256: 732fbe622c4aad5bade7413e03341a60acc6424f230961e548647975da708fd2
    Size: 1.73 MB

Asianux Server 4 for x86_64
  1. squid-3.1.10-20.AXS4.3.x86_64.rpm
    MD5: 790ed77a0c59be323af943c8782c211f
    SHA-256: 20d233d756a94a87483a56aff8ff7d2e71b876ae9bf22a7cca366d7a00bd23f9
    Size: 1.73 MB