Security update for squid3

SUSE Security Update: Security update for squid3

Announcement ID:	SUSE-SU-2014:0569-1
Rating:	moderate
References:	#677335 #867533
Affected Products:	SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3

An update that solves one vulnerability and has one errata is now available.

Description:

A remote DoS attack in the Squid web proxy has been fixed.

Due to incorrect state management, Squid was vulnerable to
a denial of service attack when processing certain HTTPS
requests (CVE-2014-0128).

For more information see
http://www.squid-cache.org/Advisories/SQUID-2014_1.txt
.

Additionally, a bug in the logrotate configuration file has
been fixed. The 'su' statement was moved into the
'logfile' section (bnc#677335).

Security Issue reference:

* CVE-2014-0128
>

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-squid3-9138
SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-squid3-9138

To bring your system up-to-date, use "zypper patch".

Package List:

SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

squid3-3.1.12-8.16.18.1
SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

squid3-3.1.12-8.16.18.1

References:

http://support.novell.com/security/cve/CVE-2014-0128.html
https://bugzilla.novell.com/677335
https://bugzilla.novell.com/867533
http://download.suse.com/patch/finder/?keywords=14a8781e229fe9480bf4955e3c10906e