Issued:

2014-10-13

Updated:

2014-10-13

RHBA-2014:1446 - squid bug fix update

Synopsis

squid bug fix update

Type/Severity

Bug Fix Advisory (none)

Topic

Updated squid packages that fix several bugs are now available for Red Hat Enterprise Linux 6.

Description

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

This update fixes the following bugs:

• Prior to this update, the /etc/init.d/squid initialization script did not describe the condrestart option, and therefore it did not appear in the Usage message. This bug has been fixed, and condrestart is now displayed correctly in the Usage message. (BZ#876980)

• Under certain circumstances, the comm_write() function of the squid utility attempted to write to file descriptors that were being closed. Consequently, the squid utility was aborted. With this update, a patch that handles the write attempt has been introduced. As a result, squid is no longer aborted in the aforementioned scenario. (BZ#998809)

• Due to a bug in the default /etc/httpd/conf.d/squid.conf configuration file, the squid utility was not allowed to access the CacheManager tool at Content from localhost is not included.http://localhost/Squid/cgi-bin/cachemgr.cgi.%20The%20bug%20has%20been%20fixed,%20and%20squid can now access CacheManager without complications. (BZ#1011952)

• Under certain circumstances, the squid utility leaked Domain Name System (DNS) queries. Consequently, squid often reached the limit of maximum locks set to 65,535 and terminated unexpectedly. With this update, several changes have been made to prevent leaked queries. Also, the lock limit has been increased to the maximum value of the integer data type. (BZ#1034616)

• Previously, after receiving a malformed Domain Name System (DNS) response, the squid utility terminated unexpectedly and did not start again. The underlying source code has been modified, and as a result, squid now handles malformed DNS responses without complications. (BZ#1047839)

• Under certain circumstances, child processes of the squid utility terminated unexpectedly and generated a core file. This bug has been fixed, and squid processes no longer exit abnormally. (BZ#1058207)

• Previously, the AuthBasicUserRequest method of the squid utility overrode the default user() methods with its own data. Consequently, a memory leak occurred when using basic authentication, which led to high memory consumption of squid. With this update, the aforementioned override was removed and the memory leak no longer occurs. (BZ#1066368, BZ#1089614)

Users of squid are advised to upgrade to these updated packages, which fix these bugs. After installing this update, the squid service will be restarted automatically.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

Affected Products

Updated Packages

• squid-debuginfo-3.1.10-29.el6.i686.rpm
• squid-debuginfo-3.1.10-29.el6.s390x.rpm
• squid-3.1.10-29.el6.src.rpm
• squid-3.1.10-29.el6.x86_64.rpm
• squid-3.1.10-29.el6.ppc64.rpm
• squid-3.1.10-29.el6.s390x.rpm
• squid-debuginfo-3.1.10-29.el6.x86_64.rpm
• squid-debuginfo-3.1.10-29.el6.ppc64.rpm
• squid-3.1.10-29.el6.i686.rpm

Fixes

• This content is not included.BZ - 876980
• This content is not included.BZ - 1011952

CVEs

(none)

References

(none)

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.