SuSE Linux issues Squid security alert

News

SuSE Linux issues Squid security alert

SuSE Linux has detected five security vulnerabilities in the version of the Squid Web cache software included in its Linux distribution.

Squid is a high-performance proxy cache server software for Web clients, supporting FTP (File Transfer Protocol), gopher and HTTP (Hypertext Transfer Protocol) data objects.

Unlike traditional caching software, Squid handles all requests in a single, nonblocking, I/O-driven process.

The severity of the errors in the package ranges from harmless to critical, according to SuSE. The company points to vulnerabilities in gopher clients and the FTP directory parsing code, which could "remotely execute code introduced by attackers".

"Every open source vendor with Squid software, which is the most widely used cache proxy package, is affected," said Roman Drahtmüller, director of SuSE's security team.

SuSE has released patches, which can be found, together with the company's security announcement, at: www.suse.de/de/support/security/2002_025_squid_txt.html

Further information about the Squid Web proxy can be found at: www.squid-cache.org/.
Related Topics: Web software, VIEW ALL TOPICS

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
 

COMMENTS powered by Disqus  //  Commenting policy