- Issued: 2015-07-22
- Updated: 2015-07-22
RHBA-2015:1314 - squid bug fix and enhancement update
Synopsis
squid bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Topic
Updated squid packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6.
Description
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
The squid packages have been upgraded to upstream version 3.1.23, which provides a number of bug fixes and enhancements over the previous version. Among others, this update adds support for the HTTP/1.1 POST and PUT responses with no message body to squid. (BZ#999305)
This update also fixes the following bugs:
- During the testing phase, it was discovered that restarting squid caused all files on the system to be deleted. Red Hat fixed the bug before it could affect any users of squid. As a result, restarting squid does not cause any files on the system to be deleted. This bug was never released, either as part of Red Hat Enterprise Linux or as part of any upstream version of the squid packages. For more information about the bug, see the Knowledgebase Solution linked to in the References section. (BZ#1202858)
- Prior to this update, it was possible to start a new instance of squid while a previous instance was still running. Consequently, the previous instance of squid was running simultaneously with the new instance. This update modifies the squid init script to verify that squid has been terminated before starting a new instance. As a result, the squid init script fails with an error when a new instance is initiated in this scenario, allowing the administrator to properly handle the situation. (BZ#1102343)
- Under high system load, the squid process sometimes terminated unexpectedly with a segmentation fault during reboot. This update provides better memory handling during reboot, thus fixing this bug. (BZ#1112842)
- Previously, squid sometimes returned an incorrect tag from the Access Control List (ACL) code when using an external ACL. The bug has been fixed, and squid no longer returns the incorrect ACL tag in this situation. (BZ#1114714)
- Prior to this update, squid in some cases terminated unexpectedly with the following error message:

      xstrdup: tried to dup a NULL pointer!

  This update fixes the incorrect error handling that caused this problem. As a result, the described error no longer causes squid to crash. (BZ#1149588)
- Previously, certain monitoring utilities could not load the Management Information Base (MIB) modules. The obsolete MIB file causing this problem has been updated, and the MIB modules can now be loaded as expected. (BZ#1162115)
- Previously, it was not possible to log host names. With this update, squid no longer sends malformed DNS PTR queries, and as a result, host names are logged as expected. (BZ#1165618)
- Prior to this update, squid terminated unexpectedly when it encountered a certain assertion in the squid code. The assertion has been replaced with proper error handling, and squid now handles the described situation gracefully. (BZ#1171967)
- Previously, squid exceeded the limit of maximum locks set to 65,535 under certain circumstances. Consequently, squid terminated unexpectedly. This update significantly increases the lock limit. The new limit is sufficient to prevent squid from exceeding the maximum limit of locks in usual situations. (BZ#1177413)
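An added example, not the init script shipped in these packages, of the check described for BZ#1102343: refuse to start while the process recorded in the PID file is still alive, and treat a missing or stale PID file as safe. The PID file path and the function names are assumptions.

```shell
#!/bin/sh
# Added illustration only; this is not the RHEL squid init script.
# Assumed default PID file location; pass another path as the first argument.
PIDFILE_DEFAULT=/var/run/squid.pid

# Return 0 if the process recorded in the PID file is still alive, 1 otherwise.
squid_still_running() {
    pidfile=${1:-$PIDFILE_DEFAULT}
    [ -r "$pidfile" ] || return 1          # no PID file: nothing recorded
    pid=
    read -r pid _ < "$pidfile" || true     # tolerate a missing final newline
    case $pid in
        ''|0|*[!0-9]*) return 1 ;;         # empty or non-numeric: treat as stale
    esac
    # kill -0 probes for existence without delivering a signal; the /proc
    # check covers a live process owned by another user (EPERM).
    kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]
}

# Fail with an error instead of starting a second instance.
guarded_start() {
    pidfile=${1:-$PIDFILE_DEFAULT}
    if squid_still_running "$pidfile"; then
        echo "squid (pid $(cat "$pidfile")) is still running; not starting" >&2
        return 1
    fi
    rm -f "$pidfile"      # stale or absent record: clear it
    echo "ok to start"    # a real init script would launch the daemon here
    return 0
}
```
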
In addition, this update adds the following enhancement:
- The squid packages are now built with the "--enable-http-violations" option and allow the user to hide or rewrite HTTP headers. (BZ#1171947)
Users of squid are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. After installing this update, the squid service will be restarted automatically.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Power, big endian | 6 | ppc64 |
| Red Hat Enterprise Linux for IBM z Systems | 6 | s390x |
| Red Hat Enterprise Linux Workstation | 6 | x86_64 |
| Red Hat Enterprise Linux Workstation | 6 | i386 |
| Red Hat Enterprise Linux Server | 6 | x86_64 |
| Red Hat Enterprise Linux Server | 6 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 6 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 6 | s390x |
Updated Packages
- squid-3.1.23-9.el6.s390x.rpm
- squid-debuginfo-3.1.23-9.el6.ppc64.rpm
- squid-debuginfo-3.1.23-9.el6.x86_64.rpm
- squid-3.1.23-9.el6.x86_64.rpm
- squid-3.1.23-9.el6.ppc64.rpm
- squid-3.1.23-9.el6.i686.rpm
- squid-3.1.23-9.el6.src.rpm
- squid-debuginfo-3.1.23-9.el6.s390x.rpm
- squid-debuginfo-3.1.23-9.el6.i686.rpm
Fixes
- BZ - 1102343
- BZ - 1114714
- BZ - 1149588
- BZ - 1165618
- BZ - 1171947
- BZ - 1202858
CVEs
(none)
References
Additional information
- The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.