public inbox for gentoo-dev@lists.gentoo.org
From: "Bruce A. Locke" <blocke@shivan.org>
To: gentoo-dev@gentoo.org
Subject: [gentoo-dev] Security Advisory Template Draft
Date: Mon Jul 30 14:19:01 2001
Message-ID: <20010730162101.124d5ed1.blocke@shivan.org>

Hello... The following is a quick example of a possible security advisory
for when we get a security team up and running.  I suppose I should check
into what creation tools are being used for documentation by the rest of
gentoo and write a template in that format so we can generate a text
document suitable for bugtraq and automatically generate a webpage for our
site.

I'd like to ask anyone with sysadmin experience to let me know if
something is missing or could possibly be confusing.  Oh, and if anyone
has some tasteful ASCII line drawing skill, etc., please help me spruce it
up and make it look more professional.

Thanks :)


Subject: Gentoo Advisory: squid

------------------------------
Gentoo Linux Security Advisory
------------------------------

Gentoo Linux is a free x86-based community developed Linux distribution
with an advanced package management system (called Portage).  Since it may
be possible for users to use different versions of the same package, it is
important that users carefully read this announcement to assess the impact
of the problem on their systems and choose a workaround or solution that
matches their situation.

Packages:   net-www/squid (all prior to 2.3.4s-r4)
Date:	    July 30, 2001
Status:	    Resolved
Author:	    Bruce A. Locke (blocke@gentoo.org)

Description:

Squid has a serious security flaw which may allow access to an internal
network and local services if Squid is configured for http_accel while
http_accel_with_proxy is set to "off".

Impact:

May allow unauthorized access to internal networks and may be used as
a way to get around IP based security rules, etc.

Solution:

All users are recommended to upgrade to the latest version available
in portage (2.3.4s-r4).  Those unable to upgrade to this version can
disable http_accel mode in Squid's configuration to disable the affected
parts of Squid.

Recommended Procedure:

- su into root
- merge new version of squid:

cd /usr/portage/net-www/squid
emerge squid-2.3.4s-r4.ebuild  (or newer version)

- restart the squid service:

/etc/rc.d/init.d/squid stop
/etc/rc.d/init.d/squid start

- unmerge old version (package version may be different):

ebuild /var/db/pkg/net-www/squid/squid-2.3.4s-r3.ebuild unmerge


---------------------------------------------------------------------
Bruce A. Locke
blocke@shivan.org
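As an added example (not part of Bruce's draft or of any Gentoo tooling), the shell functions below turn the advisory's stated conditions into a host check: the installed version is taken from the package directory name the procedure refers to under /var/db/pkg, and the accelerator settings from squid.conf. The sample inputs are constructed, and the directive pattern accepts both the advisory's `http_accel` spelling and Squid's `httpd_accel_*` directive names, which is an assumption about the config format.

```shell
#!/bin/sh
# Added example, not part of the advisory draft: apply the advisory's own
# affected conditions (net-www/squid older than 2.3.4s-r4, accelerator mode
# on, *_accel_with_proxy off) to two inputs an admin already has: the
# installed package directory name under /var/db/pkg and squid.conf.

# Constructed sample inputs (not captured from a real host).
SAMPLE_PKG="squid-2.3.4s-r3"
SAMPLE_CONF='# constructed squid.conf fragment
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy off
'

# version_is_fixed NAME -> 0 if NAME is 2.3.4s-r4 or later, 1 if older,
# 2 if it is outside the 2.3.4s series the advisory covers.
version_is_fixed() {
    case "$1" in
        squid-2.3.4s-r[0-9]*) rev=${1##*-r} ;;
        squid-2.3.4s)         rev=0 ;;        # no -rN suffix means revision 0
        *)                    return 2 ;;
    esac
    [ "$rev" -ge 4 ]
}

# accel_misconfigured CONF -> 0 when accelerator mode is configured and
# *_accel_with_proxy is not explicitly "on" (Squid 2.x defaults it to off).
# The pattern accepts both the advisory's http_accel spelling and Squid's
# httpd_accel_* directives; comment lines are ignored.
accel_misconfigured() {
    conf=$(printf '%s\n' "$1" | grep -v '^[[:space:]]*#' || true)
    printf '%s\n' "$conf" | grep -E '^[[:space:]]*httpd?_accel' \
        | grep -Evq 'accel_with_proxy' || return 1
    ! printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*httpd?_accel_with_proxy[[:space:]]+on'
}

# assess PKGNAME CONF -> prints one verdict word:
#   fixed | unknown-version | affected | not-configured
assess() {
    rc=0
    version_is_fixed "$1" || rc=$?
    case $rc in
        0) echo fixed; return 0 ;;
        2) echo unknown-version; return 0 ;;
    esac
    if accel_misconfigured "$2"; then echo affected; else echo not-configured; fi
}

assess "$SAMPLE_PKG" "$SAMPLE_CONF"   # prints "affected" for the sample input
```

A host reporting `not-configured` still runs a vulnerable build and should follow the upgrade procedure; the verdict only confirms that the workaround of leaving accelerator mode off is in effect.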
