[virusinfo] Security update for Squid - 03/07/05

• From: "Mike" <mikebike@xxxxxxxxx>
• To: virusinfo@xxxxxxxxxxxxx
• Date: Tue, 08 Mar 2005 20:48:16 -0800

From; Panda Oxygen3:

"If you create an act, you create a habit."
   André Maurois (1885-1967); French biographer, novelist and essayist.

                   - Security update for Squid -
  Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, March 7, 2005 - A patch has been released that fixes a vulnerability
in version 2.5 -STABLE 7 to 9- of Squid (*), which could be used by a
malicious user to disclose confidential information.

The security problem lies in a race window where Set-Cookie headers could
leak to other users. This happens when the requested server relies on the
Netscape Set-Cookie specification (obsolete since 1997). 

More information about this vulnerability in Squid and the patch released is
available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie

(*) Squid: open code proxy server, which is widely used in Unix environments
and is available for multiple platforms (from Linux, to Mac OS/X or
Windows).

NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

------------------------------------------------------------

The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's
free online scanner: 1) Mhtredir.gen; 2) Shinwow.E; 3) Downloader.GK; 4)
Sdbot.ftp; 5) Mitglieder.BO.

------------------------------------------------------------
To contact with Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 

Other related posts:

• » [virusinfo] Security update for Squid - 03/07/05

1. Home
2. virusinfo
3. Archive
4. 03-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---