Integrate vendor patches as published on <http://www.squid-cache.org/Versions/v2/2.5/bugs/>: - FTP data connection fails on some FTP servers when requesting a directory without a trailing slash (squid bug #1194) - Icons fail to load on non-anonymous FTP when using the short_icons_url configuration directive (squid bug #1203) - Strengthen squid against HTTP response splitting cache pollution attacks (squid bug #1200), classified as security issue by the vendor Proposed VuXML information, entry date left to be filled in: (Note: I added only a publically accessible link to the Sanctum, Inc. whitepaper, the squid bug tracker contains a deep link to the PDF itself; if we are allowed to publish it, it could instead be used as reference because Sanctum, Inc. wants you to register with them before you get access to their whitepapers.) <vuln vid="4e4bd2c2-6bd5-11d9-9e1e-c296ac722cb3"> <topic>squid -- HTTP response splitting cache pollution attack</topic> <affects> <package> <name>squid</name> <range><lt>2.5.7_8</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>According to a whitepaper published by Sanctum, Inc., it is possible to mount cache poisoning attacks against, among others, squid proxies by inserting false replies into the HTTP stream.</p> <p>The squid patches page notes:</p> <blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting"> <p>This patch additionally strengthens Squid from the HTTP response attack described by Sanctum.</p> </blockquote> </body> </description> <references> <url>http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting</url> <url>http://www.squid-cache.org/bugs/show_bug.cgi?id=1200</url> <url>https://www.watchfire.com/securearea/whitepapers.aspx?id=8</url> </references> <dates> <discovery>2004-03-01</discovery> <entry></entry> </dates> </vuln> Fix: Apply this patch:
State Changed From-To: open->closed Committed, thanks!