squid 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1121107750
업데이트 : 2005.07.12
Squid 는 웹 클라이언트를 위한 고성능 프락시 캐쉬 서버이다. 또한, FTP 와
고퍼, HTTP 데이터 오브젝트를 지원한다.
. CAN-2005-0626 :
Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape
Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie
headers to be sent to other users, which allows attackers to steal the related
. CAN-2005-0718 :
Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of
service (segmentation fault) by aborting the connection during a (1) PUT or
(2) POST request, which causes Squid to access previously freed memory.
. CAN-2005-1345 :
Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies
missing or invalid ACLs in the http_access configuration, which could lead to
less restrictive ACLs than intended by the administrator.
. CAN-2005-1519 :
Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the
environment does not prevent IP spoofing, allows remote attackers to spoof
. CVE-1999-0710 :
The RedHat squid program installs cachemgr.cgi in a public web directory,
allowing remote attackers to use it as an intermediary to connect to other
Autoupdate 지원 : Packages System
pkgadd -F squid