Package: squid3
Severity: grave
Tags: security
Hi,
3.1.7 fixes a security issue:
http://marc.info/?l=squid-users&m=128263555724981&w=2
> One regression introduced with 3.1.6 when contacting IPv4-only DNS
> resolvers opens a small but exploitable DoS vulnerability. All users of
> Squid-3.1.6 are urged to upgrade to this release as soon as possible.
This has been assigned CVE-2010-2951. Lenny is not affected.
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, ''unstable'')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages squid3 depends on:
ii adduser 3.112 add and remove users and groups
ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib
pn libdb4.6 <none> (no description available)
ii libgcc1 1:4.4.4-9 GCC support library
ii libldap-2.4-2 2.4.23-3 OpenLDAP libraries
ii libpam0g 1.1.1-4 Pluggable Authentication Modules l
ii libsasl2-2 2.1.23.dfsg1-5.1 Cyrus SASL - authentication abstra
ii libstdc++6 4.4.4-9 The GNU Standard C++ Library v3
ii logrotate 3.7.8-6 Log rotation utility
ii lsb-base 3.2-23.1 Linux Standard Base 3.2 init scrip
ii netbase 4.42 Basic TCP/IP networking system
pn squid3-common <none> (no description available)
squid3 recommends no packages.
Versions of packages squid3 suggests:
pn resolvconf <none> (no description available)
pn smbclient <none> (no description available)
pn squid3-cgi <none> (no description available)
pn squidclient <none> (no description available)