SuSE Linux AG Tuesday announced it has detected five security vulnerabilities in the version of the Squid Web cache software included in its Linux distribution.
Squid is a high-performance proxy cache server software for Web clients, supporting FTP, gopher and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, nonblocking, I/O-driven process.
The severity of the errors in the package ranges from harmless to critical, according to SuSE in Nürnberg, Germany. The company points to vulnerabilities in gopher clients and the FTP directory parsing code, which could "remotely execute code introduced by attackers."
"Every open source vendor with Squid software, which is the most widely used cache proxy package, is affected," said Roman Drahtmüller, director of SuSE's security team.
SuSE has released patches, which can be found, together with the company's security announcement.
Further information about the Squid Web proxy can be found here.
The IDG News Service is a Network World affiliate.
RELATED LINKS
Apply for your free subscription to Network World. Click here. Or get Network World delivered in PDF each week.
Request a reprint or permission to use this article.
