Date: Wed, 21 Mar 2007 11:23:11 +0100 (CET)
From: Thomas-Martin Seck <tmseck@netcologne.de>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/110610: [Maintainer] www/squid: update to 2.6.STABLE12
Message-ID: <200703211023.l2LANBBG002068@hardy.tmseck.homedns.org>
Resent-Message-ID: <200703211030.l2LAU5Be079712@freefall.freebsd.org>
>Number: 110610
>Category: ports
>Synopsis: [Maintainer] www/squid: update to 2.6.STABLE12
>Confidential: no
>Severity: non-critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Wed Mar 21 10:30:05 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Thomas-Martin Seck
>Release: FreeBSD 6.2-STABLE i386
>Organization: a private site in Germany
>Environment: FreeBSD ports collection as of March 21, 2007.
>Description:
Update to 2.6.STABLE12. This update fixes a denial of service vulnerability in the TRACE method.

Proposed VuXML entry, entry date left to be filled in:

  <vuln vid="b5affc11-d793-11db-9f0f-0048543d60ce">
    <topic>squid -- TRACE method handling denial of service</topic>
    <affects>
      <package>
        <name>squid</name>
        <range><ge>2.6.1</ge><lt>2.6.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Squid advisory 2007:1 notes:</p>
        <blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2007_1.txt">
          <p>Due to an internal error Squid-2.6 is vulnerable to a denial of service attack when processing the TRACE request method.</p>
          <p>Workarounds:</p>
          <p>To work around the problem deny access to using the TRACE method by inserting the following two lines before your first http_access rule</p>
          <p>acl TRACE method TRACE</p>
          <p>http_access deny TRACE</p>
        </blockquote>
      </body>
    </description>
    <references>
      <url>http://www.squid-cache.org/Advisories/SQUID-2007_1.txt</url>
    </references>
    <dates>
      <discovery>2007-03-20</discovery>
    </dates>
  </vuln>

>How-To-Repeat:
>Fix:
Apply this patch:

Index: Makefile =================================================================== --- Makefile (.../www/squid) (revision 1139) +++ Makefile (.../local/squid) (revision 1139) 
@@ -75,7 +75,7 @@ # Enable experimental multicast notification of cachemisses. PORTNAME= squid -PORTVERSION= 2.6.11 +PORTVERSION= 2.6.12 CATEGORIES= www MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ ftp://ftp.vistech.net/pub/squid/%SUBDIR%/ \ @@ -87,7 +87,7 @@ ftp://ftp.ccs.neu.edu/pub/mirrors/squid.nlanr.net/pub/%SUBDIR%/ \ ${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/squid/&,} MASTER_SITE_SUBDIR= squid-2/STABLE -DISTNAME= squid-2.6.STABLE11 +DISTNAME= squid-2.6.STABLE12 DIST_SUBDIR= squid2.6 PATCH_SITES= http://www.squid-cache.org/%SUBDIR%/ \ Index: distinfo =================================================================== --- distinfo (.../www/squid) (revision 1139) +++ distinfo (.../local/squid) (revision 1139) @@ -1,3 +1,3 @@ -MD5 (squid2.6/squid-2.6.STABLE11.tar.bz2) = 30b38de0a0a7ffce4350f3ca638e9b2e -SHA256 (squid2.6/squid-2.6.STABLE11.tar.bz2) = 98e7d72efff757e7bea4aa33fd3750e152db9cd1e92de07c3252b1a6fa541490 -SIZE (squid2.6/squid-2.6.STABLE11.tar.bz2) = 1263864 +MD5 (squid2.6/squid-2.6.STABLE12.tar.bz2) = a830ccc95cb39cdfa5e5b773add0bb0d +SHA256 (squid2.6/squid-2.6.STABLE12.tar.bz2) = 7956fb449cc8ce7b3e01b6bc5dd1318810c11c0630ef7fa4989ae15dfabdb858 +SIZE (squid2.6/squid-2.6.STABLE12.tar.bz2) = 1263085 >Release-Note: >Audit-Trail: >Unformatted:
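Review bot: The PORTVERSION bump at @@ -75,7 in Makefile is the only place this security fix is recorded in the port, and nothing in the patch ties it to the proposed VuXML entry. When committing, put a "Security:" line with the vid b5affc11-d793-11db-9f0f-0048543d60ce and the SQUID-2007_1.txt advisory URL in the commit log, and land the VuXML entry in the same pass so that its <lt>2.6.12</lt> bound and PORTVERSION= 2.6.12 go live together.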
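Review bot: DISTNAME at @@ -87,7 in Makefile repeats the version already set in PORTVERSION, so every update has to edit both lines by hand, and a missed DISTNAME edit risks building the old source under the new version number. Consider deriving DISTNAME from PORTVERSION so that a single edit covers both.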
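Review bot: In the distinfo hunk (@@ -1,3) the new MD5 and SHA256 values cannot be checked from the patch itself, and the MASTER_SITES visible in the Makefile context are plain ftp:// mirrors, so these checksums are the only integrity control on the tarball. Please confirm the SHA256 for squid2.6/squid-2.6.STABLE12.tar.bz2 against a value obtained from squid-cache.org independently of the mirror download before committing; the MD5 line adds no assurance of its own.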
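The workaround quoted in the proposed VuXML entry only works if the deny rule is placed early enough in squid.conf. The following is an added example, not part of this PR or of the Squid advisory, that checks a configuration text for it; the function name and the sample configurations are constructed for illustration, and it accepts the deny anywhere before the first `http_access allow`, which is slightly broader than the advisory's "before your first http_access rule".

```python
def trace_workaround_status(conf_text):
    """Return 'ok', 'misordered' or 'missing' for the TRACE-deny workaround."""
    trace_acls = set()    # names of method ACLs that list TRACE
    seen_allow = False    # has an 'http_access allow' rule appeared yet?
    status = "missing"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and comment lines
            continue
        tok = line.split()
        if tok[0] == "acl" and len(tok) >= 4 and tok[2] == "method":
            # acl <name> method <METHOD> [<METHOD> ...]
            if any(m.upper() == "TRACE" for m in tok[3:]):
                trace_acls.add(tok[1])
        elif tok[0] == "http_access" and len(tok) >= 3:
            action, conds = tok[1], tok[2:]
            if action == "allow":
                seen_allow = True
            elif action == "deny" and len(conds) == 1 and conds[0] in trace_acls:
                # An unconditional deny of TRACE; it only helps if no
                # earlier allow rule can match the request first.
                if not seen_allow:
                    return "ok"
                status = "misordered"
    return status


# Constructed sample configurations (not taken from any real site).
GOOD = """
acl localnet src 192.168.0.0/16
acl TRACE method TRACE
http_access deny TRACE
http_access allow localnet
http_access deny all
"""

MISORDERED = """
acl localnet src 192.168.0.0/16
acl TRACE method TRACE
http_access allow localnet
http_access deny TRACE
"""

MISSING = """
acl localnet src 192.168.0.0/16
# acl TRACE method TRACE
http_access allow localnet
"""

if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("MISORDERED", MISORDERED), ("MISSING", MISSING)):
        print(name, trace_workaround_status(conf))
```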