squid security update
Security Advisory: Moderate
Updated squid packages that fix a denial of service issue are now available.
This update has been rated as having important security impact by the Red
Hat Security Response Team
Squid is a full-featured Web proxy cache.
A bug was found in the way Squid handles FQDN lookups. It was possible
to crash the Squid server by sending a carefully crafted DNS response to
an FQDN lookup. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0446 to this issue.
Users of squid should upgrade to this updated package, which contains a
backported patch, and is not vulnerable to this issue.
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/