MDVSA-2009:293 -- Mandriva squidGuardID: oval:org.secpod.oval:def:300627 | Date: (C)2012-01-07 (M)2021-06-02 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been found and corrected in squidGuard: Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service via a long URL with many / characters, related to emergency mode. Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and a redirect URL that contains information about the originally requested URL . squidGuard was upgraded to 1.2.1 for MNF2/CS3/CS4 with additional upstream security and bug fixes patches applied. This update fixes these vulnerabilities.
Platform: |
Mandriva Linux 2009.0 |
Mandriva Linux 2009.1 |