Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2005-2917 (GCVE-0-2005-2917)
Vulnerability from cvelistv5 – Published: 2005-09-30 04:00 – Updated: 2024-08-07 22:53
VLAI?
EPSS
Summary
Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-192-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-192-1/"
},
{
"name": "1014920",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014920"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "SCOSA-2005.49",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"name": "16992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16992"
},
{
"name": "14977",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14977"
},
{
"name": "19607",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19607"
},
{
"name": "MDKSA-2005:181",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181"
},
{
"name": "squid-ntlm-authentication-dos(24282)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "17050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17050"
},
{
"name": "RHSA-2006:0052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0052.html"
},
{
"name": "oval:org.mitre.oval:def:11580",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "17177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17177"
},
{
"name": "19161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19161"
},
{
"name": "17015",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17015"
},
{
"name": "RHSA-2006:0045",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0045.html"
},
{
"name": "DSA-828",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-828"
},
{
"name": "SUSE-SR:2005:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-192-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-192-1/"
},
{
"name": "1014920",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014920"
},
{
"name": "20060401-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "SCOSA-2005.49",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"name": "16992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16992"
},
{
"name": "14977",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14977"
},
{
"name": "19607",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19607"
},
{
"name": "MDKSA-2005:181",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181"
},
{
"name": "squid-ntlm-authentication-dos(24282)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "17050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17050"
},
{
"name": "RHSA-2006:0052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0052.html"
},
{
"name": "oval:org.mitre.oval:def:11580",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580"
},
{
"name": "19532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "17177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17177"
},
{
"name": "19161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19161"
},
{
"name": "17015",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17015"
},
{
"name": "RHSA-2006:0045",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0045.html"
},
{
"name": "DSA-828",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-828"
},
{
"name": "SUSE-SR:2005:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-2917",
"datePublished": "2005-09-30T04:00:00",
"dateReserved": "2005-09-15T00:00:00",
"dateUpdated": "2024-08-07T22:53:29.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.5.stable10\", \"matchCriteriaId\": \"DE077B6D-CB5E-445A-97F8-444D3D7FCAD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:squid:squid:2.5.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DD7F1E4-35E3-43A0-B4F8-68697D70908E\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).\"}]",
"id": "CVE-2005-2917",
"lastModified": "2024-11-21T00:00:43.043",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2005-09-30T18:05:00.000",
"references": "[{\"url\": \"ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://fedoranews.org/updates/FEDORA--.shtml\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/16992\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/17015\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/17050\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/17177\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/19161\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/19532\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://securitytracker.com/id?1014920\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2005/dsa-828\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2005:181\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2005_27_sr.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.osvdb.org/19607\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2006-0045.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2006-0052.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/14977\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-192-1/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/24282\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://fedoranews.org/updates/FEDORA--.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/16992\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/17015\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/17050\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/17177\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/19161\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/19532\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1014920\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2005/dsa-828\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2005:181\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2005_27_sr.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/19607\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2006-0045.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2006-0052.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/14977\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-192-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/24282\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2005-2917\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2005-09-30T18:05:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.stable10\",\"matchCriteriaId\":\"DE077B6D-CB5E-445A-97F8-444D3D7FCAD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squid:squid:2.5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DD7F1E4-35E3-43A0-B4F8-68697D70908E\"}]}]}],\"references\":[{\"url\":\"ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt\",\"source\":\"secalert@redhat.com\"},{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://fedoranews.org/updates/FEDORA--.shtml\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/16992\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/17015\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/17050\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/17177\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/19161\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/19532\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://securitytracker.com/id?1014920\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2005/dsa-828\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2005:181\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2005_27_sr.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.osvdb.org/19607\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0045.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0052.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/14977\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/usn-192-1/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/24282\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580\",\"source\":\"secalert@redhat.com\"},{\"url\":\"ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://fedoranews.org/updates/FEDORA--.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/16992\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/17015\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/17050\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/17177\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19161\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19532\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1014920\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2005/dsa-828\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2005:181\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2005_27_sr.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/19607\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0045.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0052.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/14977\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-192-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/24282\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
RHSA-2006:0052
Vulnerability from csaf_redhat - Published: 2006-03-07 15:17 - Updated: 2025-11-21 17:29Summary
Red Hat Security Advisory: squid security update
Notes
Topic
An updated squid package that fixes a security vulnerability as well as
several issues is now available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects.
A denial of service flaw was found in the way squid processes certain NTLM
authentication requests. It is possible for a remote attacker to crash the
Squid server by sending a specially crafted NTLM authentication request.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned
the name CVE-2005-2917 to this issue.
The following issues have also been fixed in this update:
* An error introduced in squid-2.5.STABLE6-3.4E.12 can crash Squid when a
user visits a site that has a bit longer DNS record.
* An error introduced in the old package prevented Squid from returning
correct information about large file systems. The new package is compiled
with the IDENT lookup support so that users who want to use it do not
have to recompile it.
* Some authentication helpers needed SETUID rights but did not have them.
If administrators wanted to use cache administrator, they had to change
the SETUID bit manually. The updated package sets this bit so the new
package can be updated without manual intervention from administrators.
* Squid could not handle a reply from an HTTP server when the reply began
with the new-line character.
* An issue was discovered when a reply from an HTTP server was not
HTTP 1.0 or 1.1 compliant.
* The updated package keeps user-defined error pages when the package
is updated and it adds new ones.
All users of squid should upgrade to this updated package, which resolves
these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated squid package that fixes a security vulnerability as well as\nseveral issues is now available.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Squid is a high-performance proxy caching server for Web clients,\nsupporting FTP, gopher, and HTTP data objects.\n\nA denial of service flaw was found in the way squid processes certain NTLM\nauthentication requests. It is possible for a remote attacker to crash the\nSquid server by sending a specially crafted NTLM authentication request.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) assigned\nthe name CVE-2005-2917 to this issue.\n\nThe following issues have also been fixed in this update: \n\n* An error introduced in squid-2.5.STABLE6-3.4E.12 can crash Squid when a\n user visits a site that has a bit longer DNS record.\n\n* An error introduced in the old package prevented Squid from returning\n correct information about large file systems. The new package is compiled\n with the IDENT lookup support so that users who want to use it do not\n have to recompile it.\n\n* Some authentication helpers needed SETUID rights but did not have them.\n If administrators wanted to use cache administrator, they had to change\n the SETUID bit manually. The updated package sets this bit so the new\n package can be updated without manual intervention from administrators.\n\n* Squid could not handle a reply from an HTTP server when the reply began\n with the new-line character. \n\n* An issue was discovered when a reply from an HTTP server was not\n HTTP 1.0 or 1.1 compliant.\n\n* The updated package keeps user-defined error pages when the package\n is updated and it adds new ones.\n \nAll users of squid should upgrade to this updated package, which resolves\nthese issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2006:0052",
"url": "https://access.redhat.com/errata/RHSA-2006:0052"
},
{
"category": "external",
"summary": "160704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=160704"
},
{
"category": "external",
"summary": "162660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=162660"
},
{
"category": "external",
"summary": "168378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=168378"
},
{
"category": "external",
"summary": "170399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=170399"
},
{
"category": "external",
"summary": "172375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=172375"
},
{
"category": "external",
"summary": "172392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=172392"
},
{
"category": "external",
"summary": "172697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=172697"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0052.json"
}
],
"title": "Red Hat Security Advisory: squid security update",
"tracking": {
"current_release_date": "2025-11-21T17:29:51+00:00",
"generator": {
"date": "2025-11-21T17:29:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2006:0052",
"initial_release_date": "2006-03-07T15:17:00+00:00",
"revision_history": [
{
"date": "2006-03-07T15:17:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2006-03-07T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:29:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE6-3.4E.12.ia64",
"product": {
"name": "squid-7:2.5.STABLE6-3.4E.12.ia64",
"product_id": "squid-7:2.5.STABLE6-3.4E.12.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE6-3.4E.12?arch=ia64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"product_id": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE6-3.4E.12?arch=ia64\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE6-3.4E.12.src",
"product": {
"name": "squid-7:2.5.STABLE6-3.4E.12.src",
"product_id": "squid-7:2.5.STABLE6-3.4E.12.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE6-3.4E.12?arch=src\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE6-3.4E.12.x86_64",
"product": {
"name": "squid-7:2.5.STABLE6-3.4E.12.x86_64",
"product_id": "squid-7:2.5.STABLE6-3.4E.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE6-3.4E.12?arch=x86_64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"product_id": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE6-3.4E.12?arch=x86_64\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE6-3.4E.12.i386",
"product": {
"name": "squid-7:2.5.STABLE6-3.4E.12.i386",
"product_id": "squid-7:2.5.STABLE6-3.4E.12.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE6-3.4E.12?arch=i386\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"product_id": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE6-3.4E.12?arch=i386\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE6-3.4E.12.ppc",
"product": {
"name": "squid-7:2.5.STABLE6-3.4E.12.ppc",
"product_id": "squid-7:2.5.STABLE6-3.4E.12.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE6-3.4E.12?arch=ppc\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"product_id": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE6-3.4E.12?arch=ppc\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE6-3.4E.12.s390x",
"product": {
"name": "squid-7:2.5.STABLE6-3.4E.12.s390x",
"product_id": "squid-7:2.5.STABLE6-3.4E.12.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE6-3.4E.12?arch=s390x\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"product_id": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE6-3.4E.12?arch=s390x\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE6-3.4E.12.s390",
"product": {
"name": "squid-7:2.5.STABLE6-3.4E.12.s390",
"product_id": "squid-7:2.5.STABLE6-3.4E.12.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE6-3.4E.12?arch=s390\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"product_id": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE6-3.4E.12?arch=s390\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-7:2.5.STABLE6-3.4E.12.i386"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-7:2.5.STABLE6-3.4E.12.ia64"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-7:2.5.STABLE6-3.4E.12.ppc"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-7:2.5.STABLE6-3.4E.12.s390"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-7:2.5.STABLE6-3.4E.12.s390x"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-7:2.5.STABLE6-3.4E.12.src"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-7:2.5.STABLE6-3.4E.12.x86_64"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-7:2.5.STABLE6-3.4E.12.i386"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-7:2.5.STABLE6-3.4E.12.ia64"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-7:2.5.STABLE6-3.4E.12.ppc"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-7:2.5.STABLE6-3.4E.12.s390"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-7:2.5.STABLE6-3.4E.12.s390x"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-7:2.5.STABLE6-3.4E.12.src"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-7:2.5.STABLE6-3.4E.12.x86_64"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-7:2.5.STABLE6-3.4E.12.i386"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-7:2.5.STABLE6-3.4E.12.ia64"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-7:2.5.STABLE6-3.4E.12.ppc"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-7:2.5.STABLE6-3.4E.12.s390"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-7:2.5.STABLE6-3.4E.12.s390x"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-7:2.5.STABLE6-3.4E.12.src"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-7:2.5.STABLE6-3.4E.12.x86_64"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-7:2.5.STABLE6-3.4E.12.i386"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-7:2.5.STABLE6-3.4E.12.ia64"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-7:2.5.STABLE6-3.4E.12.ppc"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-7:2.5.STABLE6-3.4E.12.s390"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-7:2.5.STABLE6-3.4E.12.s390x"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-7:2.5.STABLE6-3.4E.12.src"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-7:2.5.STABLE6-3.4E.12.x86_64"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-2917",
"discovery_date": "2005-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617765"
}
],
"notes": [
{
"category": "description",
"text": "Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:squid-7:2.5.STABLE6-3.4E.12.i386",
"4AS:squid-7:2.5.STABLE6-3.4E.12.ia64",
"4AS:squid-7:2.5.STABLE6-3.4E.12.ppc",
"4AS:squid-7:2.5.STABLE6-3.4E.12.s390",
"4AS:squid-7:2.5.STABLE6-3.4E.12.s390x",
"4AS:squid-7:2.5.STABLE6-3.4E.12.src",
"4AS:squid-7:2.5.STABLE6-3.4E.12.x86_64",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.i386",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.ia64",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.ppc",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.s390",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.s390x",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.src",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.x86_64",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"4ES:squid-7:2.5.STABLE6-3.4E.12.i386",
"4ES:squid-7:2.5.STABLE6-3.4E.12.ia64",
"4ES:squid-7:2.5.STABLE6-3.4E.12.ppc",
"4ES:squid-7:2.5.STABLE6-3.4E.12.s390",
"4ES:squid-7:2.5.STABLE6-3.4E.12.s390x",
"4ES:squid-7:2.5.STABLE6-3.4E.12.src",
"4ES:squid-7:2.5.STABLE6-3.4E.12.x86_64",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"4WS:squid-7:2.5.STABLE6-3.4E.12.i386",
"4WS:squid-7:2.5.STABLE6-3.4E.12.ia64",
"4WS:squid-7:2.5.STABLE6-3.4E.12.ppc",
"4WS:squid-7:2.5.STABLE6-3.4E.12.s390",
"4WS:squid-7:2.5.STABLE6-3.4E.12.s390x",
"4WS:squid-7:2.5.STABLE6-3.4E.12.src",
"4WS:squid-7:2.5.STABLE6-3.4E.12.x86_64",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-2917"
},
{
"category": "external",
"summary": "RHBZ#1617765",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617765"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-2917",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2917"
}
],
"release_date": "2005-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-03-07T15:17:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. Use Red Hat\nNetwork to download and update your packages. To launch the Red Hat\nUpdate Agent, use the following command:\n\n up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n http://www.redhat.com/docs/manuals/enterprise/",
"product_ids": [
"4AS:squid-7:2.5.STABLE6-3.4E.12.i386",
"4AS:squid-7:2.5.STABLE6-3.4E.12.ia64",
"4AS:squid-7:2.5.STABLE6-3.4E.12.ppc",
"4AS:squid-7:2.5.STABLE6-3.4E.12.s390",
"4AS:squid-7:2.5.STABLE6-3.4E.12.s390x",
"4AS:squid-7:2.5.STABLE6-3.4E.12.src",
"4AS:squid-7:2.5.STABLE6-3.4E.12.x86_64",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.i386",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.ia64",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.ppc",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.s390",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.s390x",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.src",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.x86_64",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"4ES:squid-7:2.5.STABLE6-3.4E.12.i386",
"4ES:squid-7:2.5.STABLE6-3.4E.12.ia64",
"4ES:squid-7:2.5.STABLE6-3.4E.12.ppc",
"4ES:squid-7:2.5.STABLE6-3.4E.12.s390",
"4ES:squid-7:2.5.STABLE6-3.4E.12.s390x",
"4ES:squid-7:2.5.STABLE6-3.4E.12.src",
"4ES:squid-7:2.5.STABLE6-3.4E.12.x86_64",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"4WS:squid-7:2.5.STABLE6-3.4E.12.i386",
"4WS:squid-7:2.5.STABLE6-3.4E.12.ia64",
"4WS:squid-7:2.5.STABLE6-3.4E.12.ppc",
"4WS:squid-7:2.5.STABLE6-3.4E.12.s390",
"4WS:squid-7:2.5.STABLE6-3.4E.12.s390x",
"4WS:squid-7:2.5.STABLE6-3.4E.12.src",
"4WS:squid-7:2.5.STABLE6-3.4E.12.x86_64",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0052"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
RHSA-2006:0045
Vulnerability from csaf_redhat - Published: 2006-03-15 14:14 - Updated: 2025-11-21 17:29Summary
Red Hat Security Advisory: squid security update
Notes
Topic
Updated squid packages that fix a security vulnerability as well as
several bugs are now available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects.
A denial of service flaw was found in the way squid processes certain NTLM
authentication requests. A remote attacker could send a specially crafted
NTLM authentication request which would cause the Squid server to crash.
The Common Vulnerabilities and Exposures project assigned the name
CVE-2005-2917 to this issue.
Several bugs have also been addressed in this update:
* An error introduced in 2.5.STABLE3-6.3E.14 where Squid can crash if a
user visits a site which has a long DNS record.
* Some authentication helpers were missing needed setuid rights.
* Squid couldn't handle a reply from a HTTP server when the reply began
with the new-line character or wasn't HTTP/1.0 or HTTP/1.1 compliant.
* User-defined error pages were not kept when the squid package was upgraded.
All users of squid should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated squid packages that fix a security vulnerability as well as\nseveral bugs are now available.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Squid is a high-performance proxy caching server for Web clients,\nsupporting FTP, gopher, and HTTP data objects.\n\nA denial of service flaw was found in the way squid processes certain NTLM\nauthentication requests. A remote attacker could send a specially crafted\nNTLM authentication request which would cause the Squid server to crash. \nThe Common Vulnerabilities and Exposures project assigned the name\nCVE-2005-2917 to this issue.\n\nSeveral bugs have also been addressed in this update:\n\n* An error introduced in 2.5.STABLE3-6.3E.14 where Squid can crash if a\nuser visits a site which has a long DNS record.\n\n* Some authentication helpers were missing needed setuid rights.\n\n* Squid couldn\u0027t handle a reply from a HTTP server when the reply began\nwith the new-line character or wasn\u0027t HTTP/1.0 or HTTP/1.1 compliant.\n\n* User-defined error pages were not kept when the squid package was upgraded.\n\nAll users of squid should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2006:0045",
"url": "https://access.redhat.com/errata/RHSA-2006:0045"
},
{
"category": "external",
"summary": "127836",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=127836"
},
{
"category": "external",
"summary": "150781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=150781"
},
{
"category": "external",
"summary": "163595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=163595"
},
{
"category": "external",
"summary": "165367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=165367"
},
{
"category": "external",
"summary": "169269",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=169269"
},
{
"category": "external",
"summary": "170397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=170397"
},
{
"category": "external",
"summary": "172693",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=172693"
},
{
"category": "external",
"summary": "174029",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=174029"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0045.json"
}
],
"title": "Red Hat Security Advisory: squid security update",
"tracking": {
"current_release_date": "2025-11-21T17:29:51+00:00",
"generator": {
"date": "2025-11-21T17:29:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2006:0045",
"initial_release_date": "2006-03-15T14:14:00+00:00",
"revision_history": [
{
"date": "2006-03-15T14:14:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2006-03-15T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:29:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3",
"product": {
"name": "Red Hat Enterprise Linux AS version 3",
"product_id": "3AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3",
"product": {
"name": "Red Hat Desktop version 3",
"product_id": "3Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3",
"product": {
"name": "Red Hat Enterprise Linux ES version 3",
"product_id": "3ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3",
"product": {
"name": "Red Hat Enterprise Linux WS version 3",
"product_id": "3WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE3-6.3E.16.ia64",
"product": {
"name": "squid-7:2.5.STABLE3-6.3E.16.ia64",
"product_id": "squid-7:2.5.STABLE3-6.3E.16.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE3-6.3E.16?arch=ia64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"product_id": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE3-6.3E.16?arch=ia64\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE3-6.3E.16.src",
"product": {
"name": "squid-7:2.5.STABLE3-6.3E.16.src",
"product_id": "squid-7:2.5.STABLE3-6.3E.16.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE3-6.3E.16?arch=src\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE3-6.3E.16.x86_64",
"product": {
"name": "squid-7:2.5.STABLE3-6.3E.16.x86_64",
"product_id": "squid-7:2.5.STABLE3-6.3E.16.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE3-6.3E.16?arch=x86_64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"product_id": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE3-6.3E.16?arch=x86_64\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE3-6.3E.16.i386",
"product": {
"name": "squid-7:2.5.STABLE3-6.3E.16.i386",
"product_id": "squid-7:2.5.STABLE3-6.3E.16.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE3-6.3E.16?arch=i386\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"product_id": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE3-6.3E.16?arch=i386\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE3-6.3E.16.ppc",
"product": {
"name": "squid-7:2.5.STABLE3-6.3E.16.ppc",
"product_id": "squid-7:2.5.STABLE3-6.3E.16.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE3-6.3E.16?arch=ppc\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"product_id": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE3-6.3E.16?arch=ppc\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE3-6.3E.16.s390x",
"product": {
"name": "squid-7:2.5.STABLE3-6.3E.16.s390x",
"product_id": "squid-7:2.5.STABLE3-6.3E.16.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE3-6.3E.16?arch=s390x\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"product_id": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE3-6.3E.16?arch=s390x\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE3-6.3E.16.s390",
"product": {
"name": "squid-7:2.5.STABLE3-6.3E.16.s390",
"product_id": "squid-7:2.5.STABLE3-6.3E.16.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE3-6.3E.16?arch=s390\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"product_id": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE3-6.3E.16?arch=s390\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-7:2.5.STABLE3-6.3E.16.i386"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-7:2.5.STABLE3-6.3E.16.ia64"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-7:2.5.STABLE3-6.3E.16.ppc"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-7:2.5.STABLE3-6.3E.16.s390"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-7:2.5.STABLE3-6.3E.16.s390x"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.src as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-7:2.5.STABLE3-6.3E.16.src"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.src",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-7:2.5.STABLE3-6.3E.16.x86_64"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-7:2.5.STABLE3-6.3E.16.i386"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-7:2.5.STABLE3-6.3E.16.ia64"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-7:2.5.STABLE3-6.3E.16.ppc"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-7:2.5.STABLE3-6.3E.16.s390"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-7:2.5.STABLE3-6.3E.16.s390x"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.src as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-7:2.5.STABLE3-6.3E.16.src"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.src",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-7:2.5.STABLE3-6.3E.16.x86_64"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-7:2.5.STABLE3-6.3E.16.i386"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-7:2.5.STABLE3-6.3E.16.ia64"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-7:2.5.STABLE3-6.3E.16.ppc"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-7:2.5.STABLE3-6.3E.16.s390"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-7:2.5.STABLE3-6.3E.16.s390x"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.src as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-7:2.5.STABLE3-6.3E.16.src"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.src",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-7:2.5.STABLE3-6.3E.16.x86_64"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-7:2.5.STABLE3-6.3E.16.i386"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-7:2.5.STABLE3-6.3E.16.ia64"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-7:2.5.STABLE3-6.3E.16.ppc"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-7:2.5.STABLE3-6.3E.16.s390"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-7:2.5.STABLE3-6.3E.16.s390x"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.src as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-7:2.5.STABLE3-6.3E.16.src"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.src",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-7:2.5.STABLE3-6.3E.16.x86_64"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"relates_to_product_reference": "3WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-2917",
"discovery_date": "2005-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617765"
}
],
"notes": [
{
"category": "description",
"text": "Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS:squid-7:2.5.STABLE3-6.3E.16.i386",
"3AS:squid-7:2.5.STABLE3-6.3E.16.ia64",
"3AS:squid-7:2.5.STABLE3-6.3E.16.ppc",
"3AS:squid-7:2.5.STABLE3-6.3E.16.s390",
"3AS:squid-7:2.5.STABLE3-6.3E.16.s390x",
"3AS:squid-7:2.5.STABLE3-6.3E.16.src",
"3AS:squid-7:2.5.STABLE3-6.3E.16.x86_64",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.i386",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.ia64",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.ppc",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.s390",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.s390x",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.src",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.x86_64",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"3ES:squid-7:2.5.STABLE3-6.3E.16.i386",
"3ES:squid-7:2.5.STABLE3-6.3E.16.ia64",
"3ES:squid-7:2.5.STABLE3-6.3E.16.ppc",
"3ES:squid-7:2.5.STABLE3-6.3E.16.s390",
"3ES:squid-7:2.5.STABLE3-6.3E.16.s390x",
"3ES:squid-7:2.5.STABLE3-6.3E.16.src",
"3ES:squid-7:2.5.STABLE3-6.3E.16.x86_64",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"3WS:squid-7:2.5.STABLE3-6.3E.16.i386",
"3WS:squid-7:2.5.STABLE3-6.3E.16.ia64",
"3WS:squid-7:2.5.STABLE3-6.3E.16.ppc",
"3WS:squid-7:2.5.STABLE3-6.3E.16.s390",
"3WS:squid-7:2.5.STABLE3-6.3E.16.s390x",
"3WS:squid-7:2.5.STABLE3-6.3E.16.src",
"3WS:squid-7:2.5.STABLE3-6.3E.16.x86_64",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-2917"
},
{
"category": "external",
"summary": "RHBZ#1617765",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617765"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-2917",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2917"
}
],
"release_date": "2005-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-03-15T14:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. Use Red Hat\nNetwork to download and update your packages. To launch the Red Hat\nUpdate Agent, use the following command:\n\n up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n http://www.redhat.com/docs/manuals/enterprise/",
"product_ids": [
"3AS:squid-7:2.5.STABLE3-6.3E.16.i386",
"3AS:squid-7:2.5.STABLE3-6.3E.16.ia64",
"3AS:squid-7:2.5.STABLE3-6.3E.16.ppc",
"3AS:squid-7:2.5.STABLE3-6.3E.16.s390",
"3AS:squid-7:2.5.STABLE3-6.3E.16.s390x",
"3AS:squid-7:2.5.STABLE3-6.3E.16.src",
"3AS:squid-7:2.5.STABLE3-6.3E.16.x86_64",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.i386",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.ia64",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.ppc",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.s390",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.s390x",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.src",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.x86_64",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"3ES:squid-7:2.5.STABLE3-6.3E.16.i386",
"3ES:squid-7:2.5.STABLE3-6.3E.16.ia64",
"3ES:squid-7:2.5.STABLE3-6.3E.16.ppc",
"3ES:squid-7:2.5.STABLE3-6.3E.16.s390",
"3ES:squid-7:2.5.STABLE3-6.3E.16.s390x",
"3ES:squid-7:2.5.STABLE3-6.3E.16.src",
"3ES:squid-7:2.5.STABLE3-6.3E.16.x86_64",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"3WS:squid-7:2.5.STABLE3-6.3E.16.i386",
"3WS:squid-7:2.5.STABLE3-6.3E.16.ia64",
"3WS:squid-7:2.5.STABLE3-6.3E.16.ppc",
"3WS:squid-7:2.5.STABLE3-6.3E.16.s390",
"3WS:squid-7:2.5.STABLE3-6.3E.16.s390x",
"3WS:squid-7:2.5.STABLE3-6.3E.16.src",
"3WS:squid-7:2.5.STABLE3-6.3E.16.x86_64",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0045"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
RHSA-2006_0052
Vulnerability from csaf_redhat - Published: 2006-03-07 15:17 - Updated: 2024-11-22 00:05Summary
Red Hat Security Advisory: squid security update
Notes
Topic
An updated squid package that fixes a security vulnerability as well as
several issues is now available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects.
A denial of service flaw was found in the way squid processes certain NTLM
authentication requests. It is possible for a remote attacker to crash the
Squid server by sending a specially crafted NTLM authentication request.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned
the name CVE-2005-2917 to this issue.
The following issues have also been fixed in this update:
* An error introduced in squid-2.5.STABLE6-3.4E.12 can crash Squid when a
user visits a site that has a bit longer DNS record.
* An error introduced in the old package prevented Squid from returning
correct information about large file systems. The new package is compiled
with the IDENT lookup support so that users who want to use it do not
have to recompile it.
* Some authentication helpers needed SETUID rights but did not have them.
If administrators wanted to use cache administrator, they had to change
the SETUID bit manually. The updated package sets this bit so the new
package can be updated without manual intervention from administrators.
* Squid could not handle a reply from an HTTP server when the reply began
with the new-line character.
* An issue was discovered when a reply from an HTTP server was not
HTTP 1.0 or 1.1 compliant.
* The updated package keeps user-defined error pages when the package
is updated and it adds new ones.
All users of squid should upgrade to this updated package, which resolves
these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated squid package that fixes a security vulnerability as well as\nseveral issues is now available.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Squid is a high-performance proxy caching server for Web clients,\nsupporting FTP, gopher, and HTTP data objects.\n\nA denial of service flaw was found in the way squid processes certain NTLM\nauthentication requests. It is possible for a remote attacker to crash the\nSquid server by sending a specially crafted NTLM authentication request.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) assigned\nthe name CVE-2005-2917 to this issue.\n\nThe following issues have also been fixed in this update: \n\n* An error introduced in squid-2.5.STABLE6-3.4E.12 can crash Squid when a\n user visits a site that has a bit longer DNS record.\n\n* An error introduced in the old package prevented Squid from returning\n correct information about large file systems. The new package is compiled\n with the IDENT lookup support so that users who want to use it do not\n have to recompile it.\n\n* Some authentication helpers needed SETUID rights but did not have them.\n If administrators wanted to use cache administrator, they had to change\n the SETUID bit manually. The updated package sets this bit so the new\n package can be updated without manual intervention from administrators.\n\n* Squid could not handle a reply from an HTTP server when the reply began\n with the new-line character. \n\n* An issue was discovered when a reply from an HTTP server was not\n HTTP 1.0 or 1.1 compliant.\n\n* The updated package keeps user-defined error pages when the package\n is updated and it adds new ones.\n \nAll users of squid should upgrade to this updated package, which resolves\nthese issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2006:0052",
"url": "https://access.redhat.com/errata/RHSA-2006:0052"
},
{
"category": "external",
"summary": "160704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=160704"
},
{
"category": "external",
"summary": "162660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=162660"
},
{
"category": "external",
"summary": "168378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=168378"
},
{
"category": "external",
"summary": "170399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=170399"
},
{
"category": "external",
"summary": "172375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=172375"
},
{
"category": "external",
"summary": "172392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=172392"
},
{
"category": "external",
"summary": "172697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=172697"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0052.json"
}
],
"title": "Red Hat Security Advisory: squid security update",
"tracking": {
"current_release_date": "2024-11-22T00:05:27+00:00",
"generator": {
"date": "2024-11-22T00:05:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2006:0052",
"initial_release_date": "2006-03-07T15:17:00+00:00",
"revision_history": [
{
"date": "2006-03-07T15:17:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2006-03-07T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T00:05:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE6-3.4E.12.ia64",
"product": {
"name": "squid-7:2.5.STABLE6-3.4E.12.ia64",
"product_id": "squid-7:2.5.STABLE6-3.4E.12.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE6-3.4E.12?arch=ia64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"product_id": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE6-3.4E.12?arch=ia64\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE6-3.4E.12.src",
"product": {
"name": "squid-7:2.5.STABLE6-3.4E.12.src",
"product_id": "squid-7:2.5.STABLE6-3.4E.12.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE6-3.4E.12?arch=src\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE6-3.4E.12.x86_64",
"product": {
"name": "squid-7:2.5.STABLE6-3.4E.12.x86_64",
"product_id": "squid-7:2.5.STABLE6-3.4E.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE6-3.4E.12?arch=x86_64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"product_id": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE6-3.4E.12?arch=x86_64\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE6-3.4E.12.i386",
"product": {
"name": "squid-7:2.5.STABLE6-3.4E.12.i386",
"product_id": "squid-7:2.5.STABLE6-3.4E.12.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE6-3.4E.12?arch=i386\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"product_id": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE6-3.4E.12?arch=i386\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE6-3.4E.12.ppc",
"product": {
"name": "squid-7:2.5.STABLE6-3.4E.12.ppc",
"product_id": "squid-7:2.5.STABLE6-3.4E.12.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE6-3.4E.12?arch=ppc\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"product_id": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE6-3.4E.12?arch=ppc\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE6-3.4E.12.s390x",
"product": {
"name": "squid-7:2.5.STABLE6-3.4E.12.s390x",
"product_id": "squid-7:2.5.STABLE6-3.4E.12.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE6-3.4E.12?arch=s390x\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"product_id": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE6-3.4E.12?arch=s390x\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE6-3.4E.12.s390",
"product": {
"name": "squid-7:2.5.STABLE6-3.4E.12.s390",
"product_id": "squid-7:2.5.STABLE6-3.4E.12.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE6-3.4E.12?arch=s390\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"product_id": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE6-3.4E.12?arch=s390\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-7:2.5.STABLE6-3.4E.12.i386"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-7:2.5.STABLE6-3.4E.12.ia64"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-7:2.5.STABLE6-3.4E.12.ppc"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-7:2.5.STABLE6-3.4E.12.s390"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-7:2.5.STABLE6-3.4E.12.s390x"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-7:2.5.STABLE6-3.4E.12.src"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-7:2.5.STABLE6-3.4E.12.x86_64"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-7:2.5.STABLE6-3.4E.12.i386"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-7:2.5.STABLE6-3.4E.12.ia64"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-7:2.5.STABLE6-3.4E.12.ppc"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-7:2.5.STABLE6-3.4E.12.s390"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-7:2.5.STABLE6-3.4E.12.s390x"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-7:2.5.STABLE6-3.4E.12.src"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-7:2.5.STABLE6-3.4E.12.x86_64"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-7:2.5.STABLE6-3.4E.12.i386"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-7:2.5.STABLE6-3.4E.12.ia64"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-7:2.5.STABLE6-3.4E.12.ppc"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-7:2.5.STABLE6-3.4E.12.s390"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-7:2.5.STABLE6-3.4E.12.s390x"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-7:2.5.STABLE6-3.4E.12.src"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-7:2.5.STABLE6-3.4E.12.x86_64"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-7:2.5.STABLE6-3.4E.12.i386"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-7:2.5.STABLE6-3.4E.12.ia64"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-7:2.5.STABLE6-3.4E.12.ppc"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-7:2.5.STABLE6-3.4E.12.s390"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-7:2.5.STABLE6-3.4E.12.s390x"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-7:2.5.STABLE6-3.4E.12.src"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE6-3.4E.12.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-7:2.5.STABLE6-3.4E.12.x86_64"
},
"product_reference": "squid-7:2.5.STABLE6-3.4E.12.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-2917",
"discovery_date": "2005-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617765"
}
],
"notes": [
{
"category": "description",
"text": "Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:squid-7:2.5.STABLE6-3.4E.12.i386",
"4AS:squid-7:2.5.STABLE6-3.4E.12.ia64",
"4AS:squid-7:2.5.STABLE6-3.4E.12.ppc",
"4AS:squid-7:2.5.STABLE6-3.4E.12.s390",
"4AS:squid-7:2.5.STABLE6-3.4E.12.s390x",
"4AS:squid-7:2.5.STABLE6-3.4E.12.src",
"4AS:squid-7:2.5.STABLE6-3.4E.12.x86_64",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.i386",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.ia64",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.ppc",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.s390",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.s390x",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.src",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.x86_64",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"4ES:squid-7:2.5.STABLE6-3.4E.12.i386",
"4ES:squid-7:2.5.STABLE6-3.4E.12.ia64",
"4ES:squid-7:2.5.STABLE6-3.4E.12.ppc",
"4ES:squid-7:2.5.STABLE6-3.4E.12.s390",
"4ES:squid-7:2.5.STABLE6-3.4E.12.s390x",
"4ES:squid-7:2.5.STABLE6-3.4E.12.src",
"4ES:squid-7:2.5.STABLE6-3.4E.12.x86_64",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"4WS:squid-7:2.5.STABLE6-3.4E.12.i386",
"4WS:squid-7:2.5.STABLE6-3.4E.12.ia64",
"4WS:squid-7:2.5.STABLE6-3.4E.12.ppc",
"4WS:squid-7:2.5.STABLE6-3.4E.12.s390",
"4WS:squid-7:2.5.STABLE6-3.4E.12.s390x",
"4WS:squid-7:2.5.STABLE6-3.4E.12.src",
"4WS:squid-7:2.5.STABLE6-3.4E.12.x86_64",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-2917"
},
{
"category": "external",
"summary": "RHBZ#1617765",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617765"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-2917",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2917"
}
],
"release_date": "2005-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-03-07T15:17:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. Use Red Hat\nNetwork to download and update your packages. To launch the Red Hat\nUpdate Agent, use the following command:\n\n up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n http://www.redhat.com/docs/manuals/enterprise/",
"product_ids": [
"4AS:squid-7:2.5.STABLE6-3.4E.12.i386",
"4AS:squid-7:2.5.STABLE6-3.4E.12.ia64",
"4AS:squid-7:2.5.STABLE6-3.4E.12.ppc",
"4AS:squid-7:2.5.STABLE6-3.4E.12.s390",
"4AS:squid-7:2.5.STABLE6-3.4E.12.s390x",
"4AS:squid-7:2.5.STABLE6-3.4E.12.src",
"4AS:squid-7:2.5.STABLE6-3.4E.12.x86_64",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"4AS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.i386",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.ia64",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.ppc",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.s390",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.s390x",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.src",
"4Desktop:squid-7:2.5.STABLE6-3.4E.12.x86_64",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"4Desktop:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"4ES:squid-7:2.5.STABLE6-3.4E.12.i386",
"4ES:squid-7:2.5.STABLE6-3.4E.12.ia64",
"4ES:squid-7:2.5.STABLE6-3.4E.12.ppc",
"4ES:squid-7:2.5.STABLE6-3.4E.12.s390",
"4ES:squid-7:2.5.STABLE6-3.4E.12.s390x",
"4ES:squid-7:2.5.STABLE6-3.4E.12.src",
"4ES:squid-7:2.5.STABLE6-3.4E.12.x86_64",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"4ES:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64",
"4WS:squid-7:2.5.STABLE6-3.4E.12.i386",
"4WS:squid-7:2.5.STABLE6-3.4E.12.ia64",
"4WS:squid-7:2.5.STABLE6-3.4E.12.ppc",
"4WS:squid-7:2.5.STABLE6-3.4E.12.s390",
"4WS:squid-7:2.5.STABLE6-3.4E.12.s390x",
"4WS:squid-7:2.5.STABLE6-3.4E.12.src",
"4WS:squid-7:2.5.STABLE6-3.4E.12.x86_64",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.i386",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ia64",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.ppc",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.s390x",
"4WS:squid-debuginfo-7:2.5.STABLE6-3.4E.12.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0052"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
RHSA-2006_0045
Vulnerability from csaf_redhat - Published: 2006-03-15 14:14 - Updated: 2024-11-22 00:05Summary
Red Hat Security Advisory: squid security update
Notes
Topic
Updated squid packages that fix a security vulnerability as well as
several bugs are now available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects.
A denial of service flaw was found in the way squid processes certain NTLM
authentication requests. A remote attacker could send a specially crafted
NTLM authentication request which would cause the Squid server to crash.
The Common Vulnerabilities and Exposures project assigned the name
CVE-2005-2917 to this issue.
Several bugs have also been addressed in this update:
* An error introduced in 2.5.STABLE3-6.3E.14 where Squid can crash if a
user visits a site which has a long DNS record.
* Some authentication helpers were missing needed setuid rights.
* Squid couldn't handle a reply from a HTTP server when the reply began
with the new-line character or wasn't HTTP/1.0 or HTTP/1.1 compliant.
* User-defined error pages were not kept when the squid package was upgraded.
All users of squid should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated squid packages that fix a security vulnerability as well as\nseveral bugs are now available.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Squid is a high-performance proxy caching server for Web clients,\nsupporting FTP, gopher, and HTTP data objects.\n\nA denial of service flaw was found in the way squid processes certain NTLM\nauthentication requests. A remote attacker could send a specially crafted\nNTLM authentication request which would cause the Squid server to crash. \nThe Common Vulnerabilities and Exposures project assigned the name\nCVE-2005-2917 to this issue.\n\nSeveral bugs have also been addressed in this update:\n\n* An error introduced in 2.5.STABLE3-6.3E.14 where Squid can crash if a\nuser visits a site which has a long DNS record.\n\n* Some authentication helpers were missing needed setuid rights.\n\n* Squid couldn\u0027t handle a reply from a HTTP server when the reply began\nwith the new-line character or wasn\u0027t HTTP/1.0 or HTTP/1.1 compliant.\n\n* User-defined error pages were not kept when the squid package was upgraded.\n\nAll users of squid should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2006:0045",
"url": "https://access.redhat.com/errata/RHSA-2006:0045"
},
{
"category": "external",
"summary": "127836",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=127836"
},
{
"category": "external",
"summary": "150781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=150781"
},
{
"category": "external",
"summary": "163595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=163595"
},
{
"category": "external",
"summary": "165367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=165367"
},
{
"category": "external",
"summary": "169269",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=169269"
},
{
"category": "external",
"summary": "170397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=170397"
},
{
"category": "external",
"summary": "172693",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=172693"
},
{
"category": "external",
"summary": "174029",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=174029"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0045.json"
}
],
"title": "Red Hat Security Advisory: squid security update",
"tracking": {
"current_release_date": "2024-11-22T00:05:23+00:00",
"generator": {
"date": "2024-11-22T00:05:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2006:0045",
"initial_release_date": "2006-03-15T14:14:00+00:00",
"revision_history": [
{
"date": "2006-03-15T14:14:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2006-03-15T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T00:05:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3",
"product": {
"name": "Red Hat Enterprise Linux AS version 3",
"product_id": "3AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3",
"product": {
"name": "Red Hat Desktop version 3",
"product_id": "3Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3",
"product": {
"name": "Red Hat Enterprise Linux ES version 3",
"product_id": "3ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3",
"product": {
"name": "Red Hat Enterprise Linux WS version 3",
"product_id": "3WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE3-6.3E.16.ia64",
"product": {
"name": "squid-7:2.5.STABLE3-6.3E.16.ia64",
"product_id": "squid-7:2.5.STABLE3-6.3E.16.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE3-6.3E.16?arch=ia64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"product_id": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE3-6.3E.16?arch=ia64\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE3-6.3E.16.src",
"product": {
"name": "squid-7:2.5.STABLE3-6.3E.16.src",
"product_id": "squid-7:2.5.STABLE3-6.3E.16.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE3-6.3E.16?arch=src\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE3-6.3E.16.x86_64",
"product": {
"name": "squid-7:2.5.STABLE3-6.3E.16.x86_64",
"product_id": "squid-7:2.5.STABLE3-6.3E.16.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE3-6.3E.16?arch=x86_64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"product_id": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE3-6.3E.16?arch=x86_64\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE3-6.3E.16.i386",
"product": {
"name": "squid-7:2.5.STABLE3-6.3E.16.i386",
"product_id": "squid-7:2.5.STABLE3-6.3E.16.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE3-6.3E.16?arch=i386\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"product_id": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE3-6.3E.16?arch=i386\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE3-6.3E.16.ppc",
"product": {
"name": "squid-7:2.5.STABLE3-6.3E.16.ppc",
"product_id": "squid-7:2.5.STABLE3-6.3E.16.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE3-6.3E.16?arch=ppc\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"product_id": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE3-6.3E.16?arch=ppc\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE3-6.3E.16.s390x",
"product": {
"name": "squid-7:2.5.STABLE3-6.3E.16.s390x",
"product_id": "squid-7:2.5.STABLE3-6.3E.16.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE3-6.3E.16?arch=s390x\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"product_id": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE3-6.3E.16?arch=s390x\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:2.5.STABLE3-6.3E.16.s390",
"product": {
"name": "squid-7:2.5.STABLE3-6.3E.16.s390",
"product_id": "squid-7:2.5.STABLE3-6.3E.16.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@2.5.STABLE3-6.3E.16?arch=s390\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"product": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"product_id": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@2.5.STABLE3-6.3E.16?arch=s390\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-7:2.5.STABLE3-6.3E.16.i386"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-7:2.5.STABLE3-6.3E.16.ia64"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-7:2.5.STABLE3-6.3E.16.ppc"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-7:2.5.STABLE3-6.3E.16.s390"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-7:2.5.STABLE3-6.3E.16.s390x"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.src as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-7:2.5.STABLE3-6.3E.16.src"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.src",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-7:2.5.STABLE3-6.3E.16.x86_64"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-7:2.5.STABLE3-6.3E.16.i386"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-7:2.5.STABLE3-6.3E.16.ia64"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-7:2.5.STABLE3-6.3E.16.ppc"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-7:2.5.STABLE3-6.3E.16.s390"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-7:2.5.STABLE3-6.3E.16.s390x"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.src as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-7:2.5.STABLE3-6.3E.16.src"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.src",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-7:2.5.STABLE3-6.3E.16.x86_64"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-7:2.5.STABLE3-6.3E.16.i386"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-7:2.5.STABLE3-6.3E.16.ia64"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-7:2.5.STABLE3-6.3E.16.ppc"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-7:2.5.STABLE3-6.3E.16.s390"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-7:2.5.STABLE3-6.3E.16.s390x"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.src as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-7:2.5.STABLE3-6.3E.16.src"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.src",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-7:2.5.STABLE3-6.3E.16.x86_64"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-7:2.5.STABLE3-6.3E.16.i386"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-7:2.5.STABLE3-6.3E.16.ia64"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-7:2.5.STABLE3-6.3E.16.ppc"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-7:2.5.STABLE3-6.3E.16.s390"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-7:2.5.STABLE3-6.3E.16.s390x"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.src as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-7:2.5.STABLE3-6.3E.16.src"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.src",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:2.5.STABLE3-6.3E.16.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-7:2.5.STABLE3-6.3E.16.x86_64"
},
"product_reference": "squid-7:2.5.STABLE3-6.3E.16.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64"
},
"product_reference": "squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"relates_to_product_reference": "3WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-2917",
"discovery_date": "2005-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617765"
}
],
"notes": [
{
"category": "description",
"text": "Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS:squid-7:2.5.STABLE3-6.3E.16.i386",
"3AS:squid-7:2.5.STABLE3-6.3E.16.ia64",
"3AS:squid-7:2.5.STABLE3-6.3E.16.ppc",
"3AS:squid-7:2.5.STABLE3-6.3E.16.s390",
"3AS:squid-7:2.5.STABLE3-6.3E.16.s390x",
"3AS:squid-7:2.5.STABLE3-6.3E.16.src",
"3AS:squid-7:2.5.STABLE3-6.3E.16.x86_64",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.i386",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.ia64",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.ppc",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.s390",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.s390x",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.src",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.x86_64",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"3ES:squid-7:2.5.STABLE3-6.3E.16.i386",
"3ES:squid-7:2.5.STABLE3-6.3E.16.ia64",
"3ES:squid-7:2.5.STABLE3-6.3E.16.ppc",
"3ES:squid-7:2.5.STABLE3-6.3E.16.s390",
"3ES:squid-7:2.5.STABLE3-6.3E.16.s390x",
"3ES:squid-7:2.5.STABLE3-6.3E.16.src",
"3ES:squid-7:2.5.STABLE3-6.3E.16.x86_64",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"3WS:squid-7:2.5.STABLE3-6.3E.16.i386",
"3WS:squid-7:2.5.STABLE3-6.3E.16.ia64",
"3WS:squid-7:2.5.STABLE3-6.3E.16.ppc",
"3WS:squid-7:2.5.STABLE3-6.3E.16.s390",
"3WS:squid-7:2.5.STABLE3-6.3E.16.s390x",
"3WS:squid-7:2.5.STABLE3-6.3E.16.src",
"3WS:squid-7:2.5.STABLE3-6.3E.16.x86_64",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-2917"
},
{
"category": "external",
"summary": "RHBZ#1617765",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617765"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-2917",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2917"
}
],
"release_date": "2005-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-03-15T14:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. Use Red Hat\nNetwork to download and update your packages. To launch the Red Hat\nUpdate Agent, use the following command:\n\n up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n http://www.redhat.com/docs/manuals/enterprise/",
"product_ids": [
"3AS:squid-7:2.5.STABLE3-6.3E.16.i386",
"3AS:squid-7:2.5.STABLE3-6.3E.16.ia64",
"3AS:squid-7:2.5.STABLE3-6.3E.16.ppc",
"3AS:squid-7:2.5.STABLE3-6.3E.16.s390",
"3AS:squid-7:2.5.STABLE3-6.3E.16.s390x",
"3AS:squid-7:2.5.STABLE3-6.3E.16.src",
"3AS:squid-7:2.5.STABLE3-6.3E.16.x86_64",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"3AS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.i386",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.ia64",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.ppc",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.s390",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.s390x",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.src",
"3Desktop:squid-7:2.5.STABLE3-6.3E.16.x86_64",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"3Desktop:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"3ES:squid-7:2.5.STABLE3-6.3E.16.i386",
"3ES:squid-7:2.5.STABLE3-6.3E.16.ia64",
"3ES:squid-7:2.5.STABLE3-6.3E.16.ppc",
"3ES:squid-7:2.5.STABLE3-6.3E.16.s390",
"3ES:squid-7:2.5.STABLE3-6.3E.16.s390x",
"3ES:squid-7:2.5.STABLE3-6.3E.16.src",
"3ES:squid-7:2.5.STABLE3-6.3E.16.x86_64",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"3ES:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64",
"3WS:squid-7:2.5.STABLE3-6.3E.16.i386",
"3WS:squid-7:2.5.STABLE3-6.3E.16.ia64",
"3WS:squid-7:2.5.STABLE3-6.3E.16.ppc",
"3WS:squid-7:2.5.STABLE3-6.3E.16.s390",
"3WS:squid-7:2.5.STABLE3-6.3E.16.s390x",
"3WS:squid-7:2.5.STABLE3-6.3E.16.src",
"3WS:squid-7:2.5.STABLE3-6.3E.16.x86_64",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.i386",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ia64",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.ppc",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.s390x",
"3WS:squid-debuginfo-7:2.5.STABLE3-6.3E.16.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0045"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
GSD-2005-2917
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2005-2917",
"description": "Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).",
"id": "GSD-2005-2917",
"references": [
"https://www.suse.com/security/cve/CVE-2005-2917.html",
"https://www.debian.org/security/2005/dsa-828",
"https://access.redhat.com/errata/RHSA-2006:0052",
"https://access.redhat.com/errata/RHSA-2006:0045"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2005-2917"
],
"details": "Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).",
"id": "GSD-2005-2917",
"modified": "2023-12-13T01:20:10.692089Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-2917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
"refsource": "MISC",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"name": "http://www.novell.com/linux/security/advisories/2005_27_sr.html",
"refsource": "MISC",
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"name": "http://fedoranews.org/updates/FEDORA--.shtml",
"refsource": "MISC",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U",
"refsource": "MISC",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "http://secunia.com/advisories/19532",
"refsource": "MISC",
"url": "http://secunia.com/advisories/19532"
},
{
"name": "http://secunia.com/advisories/16992",
"refsource": "MISC",
"url": "http://secunia.com/advisories/16992"
},
{
"name": "http://secunia.com/advisories/17015",
"refsource": "MISC",
"url": "http://secunia.com/advisories/17015"
},
{
"name": "http://secunia.com/advisories/17050",
"refsource": "MISC",
"url": "http://secunia.com/advisories/17050"
},
{
"name": "http://secunia.com/advisories/17177",
"refsource": "MISC",
"url": "http://secunia.com/advisories/17177"
},
{
"name": "http://secunia.com/advisories/19161",
"refsource": "MISC",
"url": "http://secunia.com/advisories/19161"
},
{
"name": "http://securitytracker.com/id?1014920",
"refsource": "MISC",
"url": "http://securitytracker.com/id?1014920"
},
{
"name": "http://www.debian.org/security/2005/dsa-828",
"refsource": "MISC",
"url": "http://www.debian.org/security/2005/dsa-828"
},
{
"name": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181",
"refsource": "MISC",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181"
},
{
"name": "http://www.osvdb.org/19607",
"refsource": "MISC",
"url": "http://www.osvdb.org/19607"
},
{
"name": "http://www.redhat.com/support/errata/RHSA-2006-0045.html",
"refsource": "MISC",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0045.html"
},
{
"name": "http://www.redhat.com/support/errata/RHSA-2006-0052.html",
"refsource": "MISC",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0052.html"
},
{
"name": "http://www.securityfocus.com/bid/14977",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/14977"
},
{
"name": "http://www.ubuntu.com/usn/usn-192-1/",
"refsource": "MISC",
"url": "http://www.ubuntu.com/usn/usn-192-1/"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282"
},
{
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580",
"refsource": "MISC",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:squid:squid:2.5.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.5.stable10",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-2917"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-828",
"refsource": "DEBIAN",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-828"
},
{
"name": "16992",
"refsource": "SECUNIA",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16992"
},
{
"name": "MDKSA-2005:181",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"tags": [],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "14977",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/14977"
},
{
"name": "RHSA-2006:0052",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0052.html"
},
{
"name": "SCOSA-2005.49",
"refsource": "SCO",
"tags": [],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"name": "USN-192-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/usn-192-1/"
},
{
"name": "19607",
"refsource": "OSVDB",
"tags": [],
"url": "http://www.osvdb.org/19607"
},
{
"name": "1014920",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1014920"
},
{
"name": "17015",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/17015"
},
{
"name": "19161",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/19161"
},
{
"name": "RHSA-2006:0045",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0045.html"
},
{
"name": "17050",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/17050"
},
{
"name": "17177",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/17177"
},
{
"name": "20060401-01-U",
"refsource": "SGI",
"tags": [],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "19532",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/19532"
},
{
"name": "SUSE-SR:2005:027",
"refsource": "SUSE",
"tags": [],
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"name": "squid-ntlm-authentication-dos(24282)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282"
},
{
"name": "oval:org.mitre.oval:def:11580",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2017-10-11T01:30Z",
"publishedDate": "2005-09-30T18:05Z"
}
}
}
FKIE_CVE-2005-2917
Vulnerability from fkie_nvd - Published: 2005-09-30 18:05 - Updated: 2025-04-03 01:03
Severity ?
Summary
Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt | ||
| secalert@redhat.com | ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U | ||
| secalert@redhat.com | http://fedoranews.org/updates/FEDORA--.shtml | ||
| secalert@redhat.com | http://secunia.com/advisories/16992 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/17015 | ||
| secalert@redhat.com | http://secunia.com/advisories/17050 | ||
| secalert@redhat.com | http://secunia.com/advisories/17177 | ||
| secalert@redhat.com | http://secunia.com/advisories/19161 | ||
| secalert@redhat.com | http://secunia.com/advisories/19532 | ||
| secalert@redhat.com | http://securitytracker.com/id?1014920 | ||
| secalert@redhat.com | http://www.debian.org/security/2005/dsa-828 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDKSA-2005:181 | ||
| secalert@redhat.com | http://www.novell.com/linux/security/advisories/2005_27_sr.html | ||
| secalert@redhat.com | http://www.osvdb.org/19607 | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2006-0045.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2006-0052.html | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/14977 | ||
| secalert@redhat.com | http://www.ubuntu.com/usn/usn-192-1/ | ||
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/24282 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580 | ||
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://fedoranews.org/updates/FEDORA--.shtml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16992 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17015 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17050 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17177 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19161 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19532 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1014920 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-828 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2005:181 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_27_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/19607 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2006-0045.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2006-0052.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14977 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-192-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/24282 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE077B6D-CB5E-445A-97F8-444D3D7FCAD5",
"versionEndIncluding": "2.5.stable10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD7F1E4-35E3-43A0-B4F8-68697D70908E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart)."
}
],
"id": "CVE-2005-2917",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-09-30T18:05:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"source": "secalert@redhat.com",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16992"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17015"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17050"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17177"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/19161"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/19532"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1014920"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-828"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/19607"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0045.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0052.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/14977"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-192-1/"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/19607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0045.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0052.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-192-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-5HG5-X4P6-WGF5
Vulnerability from github – Published: 2022-05-03 03:14 – Updated: 2022-05-03 03:14
VLAI?
Details
Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).
{
"affected": [],
"aliases": [
"CVE-2005-2917"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2005-09-30T18:05:00Z",
"severity": "MODERATE"
},
"details": "Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).",
"id": "GHSA-5hg5-x4p6-wgf5",
"modified": "2022-05-03T03:14:20Z",
"published": "2022-05-03T03:14:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2917"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24282"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11580"
},
{
"type": "WEB",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/16992"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/17015"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/17050"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/17177"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/19161"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/19532"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1014920"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2005/dsa-828"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:181"
},
{
"type": "WEB",
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/19607"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0045.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0052.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/14977"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-192-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…