Caldera: From Squid advisory SQUID-2002:2 : Error and boundary conditions
were not checked when handling compressed DNS answer messages in
the internal DNS code (lib/rfc1035.c). A malicious DNS server
could craft a DNS reply that would cause Squid to exit with
a SIGSEGV.
____________________________________________________________________________
                Caldera International, Inc.  Security Advisory
Subject:                Linux: squid compressed DNS answer message boundary failure
Advisory number:        CSSA-2002-017.0
Issue date:             2002 April 25
Cross reference:
____________________________________________________________________________
1. Problem Description
        From Squid advisory SQUID-2002:2 : Error and boundary conditions
        were not checked when handling compressed DNS answer messages in
        the internal DNS code (lib/rfc1035.c). A malicious DNS server
        could craft a DNS reply that would cause Squid to exit with
        a SIGSEGV.
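The kind of boundary checking the description refers to, as an added example (not Squid's lib/rfc1035.c and not code from this advisory): a decoder for RFC 1035 compressed names that rejects pointers and labels falling outside the message. The function name dns_name_unpack, the jump cap and the sample byte arrays are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <string.h>
#define DNS_MAX_NAME  255  /* RFC 1035: a full name is at most 255 octets */
#define DNS_MAX_JUMPS 16   /* assumed cap on compression pointers followed */

/* Constructed sample messages (name data only, not captured traffic). */
static const unsigned char sample_ok[]    = {3,'c','o','m',0, 3,'w','w','w',0xC0,0x00};
static const unsigned char sample_oob[]   = {0xC0,0x40};  /* pointer past end */
static const unsigned char sample_loop[]  = {0xC0,0x00};  /* pointer to itself */
static const unsigned char sample_trunc[] = {5,'a','b'};  /* label cut short */
static char demo_out[DNS_MAX_NAME + 1];

/* Hypothetical helper: decode the name at msg[off] into out as dotted text.
 * Returns the bytes the name occupies at off, or -1 if it is malformed. */
int dns_name_unpack(const unsigned char *msg, size_t len, size_t off,
                    char *out, size_t outsz)
{
    size_t pos = off, o = 0;
    int consumed = -1, jumps = 0;

    for (;;) {
        if (pos >= len) return -1;                  /* read past end of message */
        unsigned char c = msg[pos];
        if ((c & 0xC0) == 0xC0) {                   /* compression pointer */
            if (pos + 1 >= len) return -1;          /* second pointer byte missing */
            if (consumed < 0) consumed = (int)(pos + 2 - off);
            if (++jumps > DNS_MAX_JUMPS) return -1; /* pointer loop */
            pos = ((size_t)(c & 0x3F) << 8) | msg[pos + 1];
            continue;                               /* target is bounds-checked above */
        }
        if (c & 0xC0) return -1;                    /* reserved label types */
        if (c == 0) {                               /* root label ends the name */
            if (o >= outsz) return -1;
            out[o] = '\0';
            return consumed < 0 ? (int)(pos + 1 - off) : consumed;
        }
        if (c > len - pos - 1) return -1;           /* label runs past message end */
        if (o + c + 1 > DNS_MAX_NAME || o + c + 2 > outsz) return -1;
        if (o > 0) out[o++] = '.';
        memcpy(out + o, msg + pos + 1, c);
        o += c;
        pos += 1 + (size_t)c;
    }
}

int main(void)
{
    return dns_name_unpack(sample_ok, sizeof sample_ok, 5, demo_out, sizeof demo_out) == 6 ? 0 : 1;
}
```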
2. Vulnerable Supported Versions
        System                          Package
        ----------------------------------------------------------------------
        OpenLinux 3.1.1 Server          prior to squid-2.4.STABLE2-4.i386.rpm
        OpenLinux 3.1 Server            prior to squid-2.4.STABLE2-4.i386.rpm
3. Solution
        The proper solution is to install the latest packages.
4. OpenLinux 3.1.1 Server
        4.1 Package Location
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS
        4.2 Packages
        ce1fbb905f270ca49d9151b6b40507c9        squid-2.4.STABLE2-4.i386.rpm
        4.3 Installation
        rpm -Fvh squid-2.4.STABLE2-4.i386.rpm
        4.4 Source Package Location
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS
        4.5 Source Packages
        b5001b17b2b841a6cd8b196d5789db64        squid-2.4.STABLE2-4.src.rpm
5. OpenLinux 3.1 Server
        5.1 Package Location
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
        5.2 Packages
        9a72c528ba333d87e1d6719340ee768b        squid-2.4.STABLE2-4.i386.rpm
        5.3 Installation
        rpm -Fvh squid-2.4.STABLE2-4.i386.rpm
        5.4 Source Package Location
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS
        5.5 Source Packages
        cd38d3243263a06eba7c20c836709711        squid-2.4.STABLE2-4.src.rpm
6. References
        Specific references for this advisory:
                http://www.squid-cache.org/Advisories/SQUID-2002_2.txt
        Caldera OpenLinux security resources:
                http://www.caldera.com/support/security/index.html
        Caldera UNIX security resources:
                http://stage.caldera.com/support/security/
        This security fix closes Caldera incidents sr862189, fz520428,
        and erg711999.
7. Disclaimer
        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on this website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera products.
8. Acknowledgements
        This vulnerability was discovered and researched by zen-parse
        <zen-parse@gmx.net>.
____________________________________________________________________________