A bug was found in the way Squid handles FQDN lookups. It was possible to crash the Squid server by sending a carefully crafted DNS response to an FQDN lookup. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0446 to this issue.

https://rhn.redhat.com/errata/RHSA-2005-173.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0446

Must base packages on the ones from bug 2150

------- Additional Comments From jpdalbec 2005-03-11 03:58:58 ----

05.10.28 CVE: CAN-2005-0626
Platform: Cross Platform
Title: Squid Proxy Set-Cookie Information Disclosure
Description: Squid is web proxy software. It is affected by a remote information disclosure problem. The issue presents itself when the requested server employs the Netscape "Set-Cookie" specifications. Squid Proxy versions 2.5 STABLE7 through version 2.5 STABLE9 are affected.
Ref: http://www.securityfocus.com/advisories/8208

------- Additional Comments From pekkas 2005-03-18 09:26:01 ----

Because there haven't been any VERIFY votes for the previous squid version, I guess it would make sense to fold this into the same mess. I suggest we track this under #2150..

------- Additional Comments From marcdeslauriers 2005-03-19 11:44:43 ----

Well, if we track it in 2150, we should close this one.

*** This bug has been marked as a duplicate of 2150 ***

------- Bug moved to this database by dkl 2005-03-30 18:31 -------

This bug previously known as bug 2446 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2446
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
This bug either had no qa contact or an invalid one.
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.