Download
| Alert*
oval:org.secpod.oval:def:500111
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. It was found that string comparison functions in Squid did not properly handle the comparisons of NULL and empty strings. A remote, trusted web client could use this flaw to cause the squ ... oval:org.secpod.oval:def:300274 A vulnerability has been found and corrected in squid: The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service via a crafted request . Packages for 2008.0 and 2009.0 are provided as of the Extended Maintena ... oval:org.secpod.oval:def:1504261 [3.1.10-1] - Resolves: #639365 - Rebase squid to version 3.1.10 - Resolves: #666533 - small memleak in squid-3.1.4 oval:org.secpod.oval:def:600145 Phil Oester discovered that squid3, a fully featured Web Proxy cache, is prone to a denial of service attack via a specially crafted request that includes empty strings. For the stable distribution , this problem has been fixed in version 3.0.STABLE8-3+lenny4. For the testing distribution , this pro ... |