Red Hat Local Security Checks : RedHat Security Advisory RHSA-2011:1791

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.70492

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2011:1791

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2011:1791.

Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

An input validation flaw was found in the way Squid calculated the total
number of resource records in the answer section of multiple name server
responses. An attacker could use this flaw to cause Squid to crash.
(CVE-2011-4096)

Users of squid should upgrade to this updated package, which contains a
backported patch to correct this issue. After installing this update, the
squid service will be restarted automatically.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-1791.html

Risk factor : Medium

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-4096
1026265
http://www.securitytracker.com/id?1026265
46609
http://secunia.com/advisories/46609
47459
http://secunia.com/advisories/47459
MDVSA-2011:193
http://www.mandriva.com/security/advisories?name=MDVSA-2011:193
RHSA-2011:1791
http://www.redhat.com/support/errata/RHSA-2011-1791.html
SUSE-SU-2016:1996
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
SUSE-SU-2016:2089
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
[oss-security] 20111031 CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record
http://www.openwall.com/lists/oss-security/2011/10/31/5
[oss-security] 20111031 Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record
http://www.openwall.com/lists/oss-security/2011/11/01/3
http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12
http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.70492
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2011:1791
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2011:1791. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. An input validation flaw was found in the way Squid calculated the total number of resource records in the answer section of multiple name server responses. An attacker could use this flaw to cause Squid to crash. (CVE-2011-4096) Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-1791.html Risk factor : Medium
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4096 1026265 http://www.securitytracker.com/id?1026265 46609 http://secunia.com/advisories/46609 47459 http://secunia.com/advisories/47459 MDVSA-2011:193 http://www.mandriva.com/security/advisories?name=MDVSA-2011:193 RHSA-2011:1791 http://www.redhat.com/support/errata/RHSA-2011-1791.html SUSE-SU-2016:1996 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html SUSE-SU-2016:2089 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html [oss-security] 20111031 CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record http://www.openwall.com/lists/oss-security/2011/10/31/5 [oss-security] 20111031 Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record http://www.openwall.com/lists/oss-security/2011/11/01/3 http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12 http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com