RHSA-2011:1293-01 -- Redhat squid
ID: oval:org.secpod.oval:def:500241 | Date: (C)2012-01-31 (M)2023-12-07 |
Class: PATCH | Family: unix |
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

A buffer overflow flaw was found in the way Squid parsed replies from remote Gopher servers. A remote user allowed to send Gopher requests to a Squid proxy could possibly use this flaw to cause the squid child process to crash or execute arbitrary code with the privileges of the squid user, by making Squid perform a request to an attacker-controlled Gopher server.

Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.
Platform: Red Hat Enterprise Linux 6 |