SecuLog

■squid-2.5.STABLE8

主な修正はこんな感じらしい。

• Squid no longer closes all open filedescriptors. Previous Squid versions have for increased security closed any open filedescriptors left open by the process starting Squid, but this is not really our business and causes problems for certain libraries opening internal filedescriptors in some conditions (some SSL libraries, syslog, DNS resolver etc).
• Configuration parser made more strict and consistent. Previously empty acl declarations were ignored in http_access causing some unexpected results. Now empty acl declarations are allowed (matching nothing) and http_access requires all listed acls to be defined.
• A minor information leak in error messages due to malformed host names corrected
• Several HTTP security fixes to prevent cache pollution attacks or theft of user confidential information. New relaxed_http_parser directive to control how strict the HTTP parser should be.
• Buffer overflow fix in gopherToHTML.
• Corrected a Segmentation fault on malformed WCCP packets.
• squid_ldap_auth now sanity checks usernames
• Corrected a Segmentation fault and other malfunctions on failed PUT/POST requests.
• Properly handle oversized reply headers

seculogger による 04:09 午前 の書き込み (カテゴリー: ツール情報)
| 印刷用 | PDF | Translate (en)| 参照数( 1551)

このWeblog中の関連記事: squid-2.5.STABLE8

Google検索: squid2.5.STABLE8

Amazon検索: squid-2.5.STABLE8

コメント