Alex Masterov has reported a vulnerability in Squid,
which potentially can be exploited by malicious people
to cause a DoS.
The vulnerability is caused due to an unspecified error
in the "sslConnectTimeout()" function after handling
malformed requests. This may be exploited to crash Squid.
CAN-2005-2796
- Malicious users may spoof DNS lookups if the DNS client UDP port (random,
assigned by OS at startup) is unfiltered and your network is not protected
from IP spoofing.
- CVE-1999-0710, adds access controls to the cachemgr.cgi script, preventing
it from being abused to reach other servers than allowed in a local
configuration file.
Fixes 2 major issues over STABLE7 + the previous round of patches..
- Data corruption when HTTP reply headers is split in several packets
- Assertion failure on certain odd DNS responses
- add snmp FLAVOR from Joel CARNAT <joel at carnat dot net>
- add some auth types and auth/acl helpers
- add NTLM auth SMB patch even though the default port does NOT compile this support in
- NOTE: you can now override the dir used for cache/logs by using the
variable STATEDIR. i.e., "make STATEDIR=/alternate/dir package", and it
will be substituted into the INSTALL/DEINSTALL scripts.
