The Squid HTTP Proxy team is pleased to announce the
availability of the Squid-3.0.STABLE17 release!
This release is primarily a Security Update release.
All users of Squid-3.0 are urgently advised to move up to this release.
The major changes are for advisory SQUID-2009:2. This is for multiple
vulnerabilities in both request and response processing. The cause is
the same, but there are many variations of possible attack.
http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
There are also a number of smaller fixes in this release with potential
towards security problems. These are much harder trigger within Squid.
The helper issues are primarily of concern when used by other systems
than Squid.
- Bug 2710: squid_kerb_auth non-terminated string
- Bug 2674: Remove limit on HTTP headers read.
- Bug 2659: String length overflows on append, leading to segfaults
- Bug 2620: Invalid HTTP response codes causes segfault
- Bug 2080: wbinfo_group.pl - false positive under certain conditions
And a few more regular bugs:
- Bug 2680 regression: Crash after rotate with no helpers running
- Bug 2679: strsep and strtoll detection failure
- Bug 1087: ESI processor not quoting attributes correctly.
- Fix: issue with AUFS/UFS/DiskD writing objects to disk cache
Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.0/RELEASENOTES.html
if and when you are ready to make the switch to Squid-3.
This new release can be downloaded from our HTTP or FTP servers
http://www.squid-cache.org/Versions/v3/3.0/
ftp://ftp.squid-cache.org/pub/squid-3/STABLE/
or the mirrors. For a list of mirror sites see
http://www.squid-cache.org/Download/http-mirrors.dyn
http://www.squid-cache.org/Download/mirrors.dyn
If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/
Amos Jeffries
Received on Mon Jul 27 2009 - 11:00:19 MDT
This archive was generated by hypermail 2.2.0 : Thu Jul 30 2009 - 12:00:05 MDT