Red Hat Bugzilla – Bug 452467
squidGuard: "trailing dot" domain access restriction bypass
Last modified: 2010-03-22 11:39:50 EDT
squidGuard upstream published security advisory regarding domain access restriction bypass affecting systems with squid 3.0: By adding a trailing dot to the domain it is possible to bypass the filter and access blocked sites. This only affects people using squidGuard with squid version 3.0 STABLE1 to STABLE5 (higher version may be affected as well; in any case, if you are running squid 3.0 make sure to patch). Squid version 2.6 is known to remove trailing dots from domains before passing the URLs to squidGuard. References: http://www.squidguard.org/Doc/sg-2008-06-13.html http://bugs.gentoo.org/show_bug.cgi?id=228593 See upstream advisory for patch details. Squid 3.0 is currently shipped in Fedora 9 and Rawhide. Fedora 8 still ships squid 2.6 and shouldn't be affected by this issue.
1.2.1-2 with this patched on it's way through bodhi.