--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2002-40
http://www/turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Squid
Leakage of certification information
Release date : 2002-07-05
Solution: package : squid-2.4.STABLE6-5
Problem
When the user certification setting is done through the squid and certification information is being transferred, there is a possibility of server being accessed in the sight whose user certification is necessary.
Solution:
Please verify version and execute the command below.
# rpm -qa | grep package name
When problem corresponds, please download the update package. Do the update by the using the command below.
Furthermore, please execute the package number which corresponds to your version number. Without starting a new paragraph, please enter the "\ " Bunchu sign.
Execution example
---------------------------------------------------------------------
# rpm -Fvh Package-1.0.0-1.i586.rpm \
Package-doc-1.0.0-1.i586.rpm \
Package-devel-1.0.0-1.i586.rpm
The case where rpm command is executed, please enter as follows on the command line.
# rpm -Fvh package-1.0.0-1.i586.rpm package-doc-1.0.0-1.i586.rpm package-devel-1.0.0-1.i586.rpm
---------------------------------------------------------------------
< Turbolinux 8 Workstation >
< Turbolinux 7 Server >
< Turbolinux 7 Workstation >
# rpm -Fvh squid-2.4.STABLE6-5.i586.rpm
< Turbolinux Server 6.5 >
< Turbolinux Advanced Server 6 >
< Turbolinux Server 6.1 >
# rpm -Fvh squid-2.4.STABLE6-5.i386.rpm
< Turbolinux Workstation 6.0 >
* It is not necessary to update the squid package if it is not being recorded.
Package updates:
http://www.turbolinux.co.jp/update/
