squid 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1127489585
업데이트 : 2005.09.24
상세내용
Squid 는 웹 클라이언트를 위한 고성능 프락시 캐쉬 서버이다. 또한, FTP 와
고퍼, HTTP 데이터 오브젝트를 지원한다.
. CAN-2004-2479 :
Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive
information via URLs containing invalid hostnames that cause DNS operations
to fail, which results in references to previously used error messages.
. CAN-2005-2794 :
store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause
a denial of service (crash) via certain aborted requests that trigger an
assert error related to STORE_PENDING.
. CAN-2005-2796 :
The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier
allows remote attackers to cause a denial of service (segmentation fault)
via certain crafted requests.
Autoupdates 지원 : Packages System
pkgadd -F squid
update 패키지
RPMS :
. squid-2.5.STABLE6-7.i686.rpm
SRPMS :
. squid-2.5.STABLE6-7.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2796
|