CentOS Local Security Checks : CentOS Update for squid CESA-2011:1791 centos6

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.881345

Categoría: CentOS Local Security Checks

Título: CentOS Update for squid CESA-2011:1791 centos6

Resumen: The remote host is missing an update for the 'squid'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'squid'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

An input validation flaw was found in the way Squid calculated the total
number of resource records in the answer section of multiple name server
responses. An attacker could use this flaw to cause Squid to crash.
(CVE-2011-4096)

Users of squid should upgrade to this updated package, which contains a
backported patch to correct this issue. After installing this update, the
squid service will be restarted automatically.

Affected Software/OS:
squid on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-4096
1026265
http://www.securitytracker.com/id?1026265
46609
http://secunia.com/advisories/46609
47459
http://secunia.com/advisories/47459
MDVSA-2011:193
http://www.mandriva.com/security/advisories?name=MDVSA-2011:193
RHSA-2011:1791
http://www.redhat.com/support/errata/RHSA-2011-1791.html
SUSE-SU-2016:1996
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
SUSE-SU-2016:2089
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
[oss-security] 20111031 CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record
http://www.openwall.com/lists/oss-security/2011/10/31/5
[oss-security] 20111031 Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record
http://www.openwall.com/lists/oss-security/2011/11/01/3
http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12
http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.881345
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for squid CESA-2011:1791 centos6
Resumen:	The remote host is missing an update for the 'squid'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'squid' package(s) announced via the referenced advisory. Vulnerability Insight: Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. An input validation flaw was found in the way Squid calculated the total number of resource records in the answer section of multiple name server responses. An attacker could use this flaw to cause Squid to crash. (CVE-2011-4096) Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically. Affected Software/OS: squid on CentOS 6 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4096 1026265 http://www.securitytracker.com/id?1026265 46609 http://secunia.com/advisories/46609 47459 http://secunia.com/advisories/47459 MDVSA-2011:193 http://www.mandriva.com/security/advisories?name=MDVSA-2011:193 RHSA-2011:1791 http://www.redhat.com/support/errata/RHSA-2011-1791.html SUSE-SU-2016:1996 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html SUSE-SU-2016:2089 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html [oss-security] 20111031 CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record http://www.openwall.com/lists/oss-security/2011/10/31/5 [oss-security] 20111031 Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record http://www.openwall.com/lists/oss-security/2011/11/01/3 http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12 http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html
Copyright	Copyright (C) 2012 Greenbone AG