Security update for squid

SUSE Security Update: Security update for squid

Announcement ID:	SUSE-SU-2013:1467-1
Rating:	moderate
References:	#677335 #829084
Affected Products:	SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2

An update that solves one vulnerability and has one errata is now available.

Description:

This squid update fixes a buffer overflow issue when squid
attempts to resolve an overly long hostname. This can be
triggered with specially crafted http requests.
(bnc#829084, CVE-2013-4115)

This update also includes a correction to the last change
for logrotate. (bnc#677335)

Security Issue reference:

* CVE-2013-4115
>

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-squid-8310
SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-squid-8310
SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-squid-8309
SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-squid-8309

To bring your system up-to-date, use "zypper patch".

Package List:

SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

squid-2.7.STABLE5-2.12.16.1
SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

squid-2.7.STABLE5-2.12.16.1
SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

squid-2.7.STABLE5-2.12.16.1
SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

squid-2.7.STABLE5-2.12.16.1

References:

http://support.novell.com/security/cve/CVE-2013-4115.html
https://bugzilla.novell.com/677335
https://bugzilla.novell.com/829084
http://download.suse.com/patch/finder/?keywords=18c19952cbf3c0099a3820697120c484
http://download.suse.com/patch/finder/?keywords=e96c45ffb46fc71de84575955833f192