An updated Squid package that fixes security issues is now available.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Squid is a full-featured Web proxy cache.
A bug was found in the way Squid displays error messages. A remote attacker
could submit a request containing an invalid hostname which would result in
Squid displaying a previously used error message. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-2479 to this issue.
Two denial of service bugs were found in the way Squid handles malformed
requests. A remote attacker could submit a specially crafted request to
Squid that would cause the server to crash. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CAN-2005-2794 and
CAN-2005-2796 to these issues.
Please note that CAN-2005-2796 does not affect Red Hat Enterprise Linux 2.1
Users of Squid should upgrade to this updated package that contains
backported patches, and is not vulnerable to these issues.