Bug 146787 - CAN-2005-0194 Empty proxy_auth ACLs are silently accepted but lead to unpredictable ACL matching
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: squid
Version: 3.0
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Jay Fenlason
Whiteboard: impact=moderate,public=20050115
Keywords: Security
Reported: 2005-02-01 11:58 EST by Josh Bressers
Modified: 2014-08-31 19:27 EDT (History)
Fixed In Version: 7:2.5.STABLE3-6.3E.7
Doc Type: Bug Fix
Last Closed: 2005-03-14 11:13:42 EST


Description Josh Bressers 2005-02-01 11:58:08 EST
If a proxy_auth acl is incorrectly defined with no members then any http_access
rules using this acl will give unpredictable results depending on the results of
earlier acl lookups. This patch corrects both the reason why acl lookups
became unpredictable and makes Squid reject such incorrect acl definitions.

The upstream patch for this issue is here:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE4-empty_proxy_auth.patch
Comment 1 Josh Bressers 2005-02-01 11:59:48 EST
This issue should also affect RHEL2.1
Comment 2 Jay Fenlason 2005-02-01 14:58:16 EST
RHEL-2.1 is safe--squid-2.4.STABLE7 errors on startup if the config file 
contains empty proxy_auth acls. 
Comment 3 David Eisenstein 2005-10-15 11:47:41 EDT
In which of the RHSA's was this issue fixed?
Comment 4 David Eisenstein 2005-10-15 11:50:52 EDT
D'oh.  I think I found it -- RHSA-2005:061.  Sorry to bother you.

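A pre-deployment check for the misconfiguration described in this bug, as an added example that is not part of the original bug report or of Squid: it flags every `acl <name> proxy_auth` line with no members, plus the `http_access` rules that name such an ACL. The sample configuration is constructed, the function name `lint_proxy_auth` is hypothetical, and only lines whose first non-blank character is `#` are treated as comments.

```python
# Added example: lint squid.conf text for proxy_auth ACLs defined with no members.

# Constructed sample configuration (not taken from the bug report).
SAMPLE_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl staff proxy_auth
acl admins proxy_auth alice bob
# acl ghosts proxy_auth
http_access allow staff
http_access deny !staff all
http_access allow admins
http_access deny all
"""


def lint_proxy_auth(conf_text):
    """Return (empty_defs, affected_rules).

    empty_defs:     [(lineno, acl_name)] for each 'acl <name> proxy_auth'
                    line that lists no members.
    affected_rules: [(lineno, line)] for each http_access rule that names
                    one of those ACLs, negated or not.
    """
    empty_defs, rules = [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        tok = line.split()
        if tok[0] == "acl" and len(tok) >= 3 and tok[2] == "proxy_auth":
            # Conservative choice: a definition line with nothing after the
            # ACL type is reported even if the name is also defined elsewhere.
            if len(tok) == 3:
                empty_defs.append((lineno, tok[1]))
        elif tok[0] == "http_access" and len(tok) >= 3:
            # tok[1] is allow/deny; the rest are ACL names, optionally '!'-negated.
            names = {t.lstrip("!") for t in tok[2:]}
            rules.append((lineno, line, names))
    empty_names = {name for _, name in empty_defs}
    affected = [(n, text) for n, text, names in rules if names & empty_names]
    return empty_defs, affected


if __name__ == "__main__":
    empty, affected = lint_proxy_auth(SAMPLE_CONF)
    for lineno, name in empty:
        print(f"line {lineno}: proxy_auth acl '{name}' has no members")
    for lineno, text in affected:
        print(f"line {lineno}: rule depends on an empty acl: {text}")
```
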