| Description: | Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects.
A denial of service flaw was found in the way squid processes certain NTLM authentication requests. A remote attacker could send a specially crafted NTLM authentication request which would cause the Squid server to crash. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2917 to this issue.
Several bugs have also been addressed in this update:
An error introduced in 2.5.STABLE3-6.3E.14 where Squid can crash if a user visits a site which has a long DNS record.
Some authentication helpers were missing needed setuid rights.
Squid couldn't handle a reply from a HTTP server when the reply began with the new-line character or wasn't HTTP/1.0 or HTTP/1.1 compliant.
User-defined error pages were not kept when the squid package was upgraded.
All users of squid should upgrade to these updated packages, which contain backported patches to resolve these issues.
|