|
Family: Ubuntu Local Security Checks --> Category: infos
USN183-1 : squid vulnerabilities Vulnerability Scan
Vulnerability Scan Summary squid vulnerabilities
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- squid
- squid-cgi
- squid-common
- squidclient
Description :
A Denial of Service vulnerability was discovered in the handling of
aborted requests. A remote attacker could exploit this to crash Squid
by sending specially crafted requests. (CVE-2005-2794)
Alex Masterov discovered a Denial of Service vulnerability in the
sslConnectTimeout() function. By sending specially crafted SSL
requests, a remote attacker could exploit this to crash Squid.
(CVE-2005-2796)
Solution :
Upgrade to :
- squid-2.5.8-3ubuntu1.3 (Ubuntu 5.04)
- squid-cgi-2.5.8-3ubuntu1.3 (Ubuntu 5.04)
- squid-common-2.5.8-3ubuntu1.3 (Ubuntu 5.04)
- squidclient-2.5.8-3ubuntu1.3 (Ubuntu 5.04)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|