| Summary: | net-proxy/squid: Unspecified DNS Spoofing Vulnerability | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Robert Paskowitz (RETIRED) <r2d2> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | net-proxy+disabled |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | All | | |
| URL: | http://www.securityfocus.com/bid/13592/info/ | | |
| Whiteboard: | B3? [noglsa] jaervosz | | |
| Package list: | | Runtime testing required: | --- |
Description
Robert Paskowitz (RETIRED)
2005-05-11 08:49:42 UTC
net-proxy, please advise. There is also a release candidate from today that likely has the patch in it, not sure when STABLE10 is expected to be released though.

looks like a serious problem to me. version bumped to 2.5.10_rc3 and marked stable on x86

P.S. I'm a little annoyed about the negligence of the upstream regarding the quality of the inter-release patches. It is the second time when I had problems applying official patches to the latest official release. I thought it is better to use the rc3 tarball - who knows what else is missing from the published patches?

Arches please test and mark stable.

ppc stable.

stable on ppc64

stable on amd64

Stable on hppa.

http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query

Malicious users may spoof DNS lookups if the DNS client UDP port (random, assigned by OS at startup) is unfiltered and your network is not protected from IP spoofing.

http://www.securitytracker.com/alerts/2005/May/1013952.html

Stable on alpha + ia64.

sparc stable.

submitted with x86 from the beginning

½ YES vote. Other Squid issues in the queue (both very minor imho): bug #89149 bug #83955

Half vote against a GLSA, but hard to decide... We do have 3 in the queue though now... So one should be considered now or after the next issue.

I half-vote NO too, but I agree the next one is the good one. Let's queue this.

Reverting to full NO for the time being->Closing.

Stable on mips.