From: Chris Faulhaber
To: Alberto Manzoni
Cc: freebsd-security@freebsd.org
Date: Thu, 21 Feb 2002 10:09:25 -0500
Subject: Re: FreeBSD Ports Security Advisory FreeBSD-SA-02:12.squid
Message-ID: <20020221150925.GA43867@peitho.fxp.org>
In-Reply-To: <003f01c1bae8$8abb1520$53061b9d@univr.it>

On Thu, Feb 21, 2002 at 04:00:46PM +0100, Alberto Manzoni wrote:
> >4) No workaround exists for the HTCP issue except to set up a firewall
> >rule to block incoming packets to the Squid HTCP port (normally, UDP
> >port 4827) from untrusted hosts.
>
> No way setting htcp_port 0 ??
>

Not according to the advisory released by the squid developers (and
referenced in our advisory):

http://www.squid-cache.org/Advisories/SQUID-2002_1.txt

--
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org