Test ID:	1.3.6.1.4.1.25623.1.0.831469
Category:	Mandrake Local Security Checks
Title:	Mandriva Update for squid MDVSA-2011:150 (squid)
Summary:	The remote host is missing an update for the 'squid'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'squid' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability has been discovered and corrected in squid: Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression (CVE-2011-3205). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct this issue. Affected Software/OS: squid on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0094 BugTraq ID: 12276 http://www.securityfocus.com/bid/12276 Conectiva Linux advisory: CLA-2005:923 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 Debian Security Information: DSA-651 (Google Search) http://www.debian.org/security/2005/dsa-651 http://fedoranews.org/updates/FEDORA--.shtml http://security.gentoo.org/glsa/glsa-200501-25.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11146 http://www.redhat.com/support/errata/RHSA-2005-060.html http://www.redhat.com/support/errata/RHSA-2005-061.html http://secunia.com/advisories/13825 SuSE Security Announcement: SUSE-SA:2005:006 (Google Search) http://www.novell.com/linux/security/advisories/2005_06_squid.html http://www.trustix.org/errata/2005/0003/ Common Vulnerability Exposure (CVE) ID: CVE-2011-3205 1025981 http://securitytracker.com/id?1025981 45805 http://secunia.com/advisories/45805 45906 http://secunia.com/advisories/45906 45920 http://secunia.com/advisories/45920 45965 http://secunia.com/advisories/45965 46029 http://secunia.com/advisories/46029 49356 http://www.securityfocus.com/bid/49356 74847 http://www.osvdb.org/74847 DSA-2304 http://www.debian.org/security/2011/dsa-2304 FEDORA-2011-11854 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html MDVSA-2011:150 http://www.mandriva.com/security/advisories?name=MDVSA-2011:150 RHSA-2011:1293 http://www.redhat.com/support/errata/RHSA-2011-1293.html SUSE-SU-2011:1019 http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html SUSE-SU-2016:1996 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html SUSE-SU-2016:2089 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html [oss-security] 20110829 CVE-request(?): squid: buffer overflow in Gopher reply parser http://openwall.com/lists/oss-security/2011/08/29/2 [oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser http://openwall.com/lists/oss-security/2011/08/30/4 http://openwall.com/lists/oss-security/2011/08/30/8 http://www.squid-cache.org/Advisories/SQUID-2011_3.txt http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch https://bugzilla.redhat.com/show_bug.cgi?id=734583 openSUSE-SU-2011:1018 http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html Common Vulnerability Exposure (CVE) ID: CVE-2011-3208 BugTraq ID: 49534 http://www.securityfocus.com/bid/49534 Debian Security Information: DSA-2318 (Google Search) http://www.debian.org/security/2011/dsa-2318 http://www.mandriva.com/security/advisories?name=MDVSA-2011:149 http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=199 http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=200 http://www.osvdb.org/75307 http://www.redhat.com/support/errata/RHSA-2011-1317.html http://securitytracker.com/id?1026031 http://secunia.com/advisories/45938 http://secunia.com/advisories/45975 http://secunia.com/advisories/46064 SuSE Security Announcement: SUSE-SU-2011:1034 (Google Search) https://hermes.opensuse.org/messages/11723935 SuSE Security Announcement: openSUSE-SU-2011:1036 (Google Search) http://lists.opensuse.org/opensuse-updates/2011-09/msg00019.html XForce ISS Database: cyrus-splitwildmats-bo(69679) https://exchange.xforce.ibmcloud.com/vulnerabilities/69679
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.