Synopsis:    Low: squid security and bug fix update
Issue Date:  2011-05-19
CVE Numbers: CVE-2010-3072


Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

It was found that string comparison functions in Squid did not properly
handle the comparisons of NULL and empty strings. A remote, trusted web
client could use this flaw to cause the squid daemon to crash via a
specially-crafted request. (CVE-2010-3072)

This update also fixes the following bugs:

* A small memory leak in Squid caused multiple "ctx: enter level" messages
to be logged to "/var/log/squid/cache.log". This update resolves the memory
leak. (BZ#666533)

* This erratum upgrades Squid to upstream version 3.1.10. This upgraded
version supports the Google Instant service and introduces various code
improvements. (BZ#639365)

Users of squid should upgrade to this updated package, which resolves these
issues. After installing this update, the squid service will be restarted
automatically.

SL6:
   x86_64
      squid-3.1.10-1.el6.x86_64.rpm
      squid-debuginfo-3.1.10-1.el6.x86_64.rpm
   i386
      squid-3.1.10-1.el6.i686.rpm
      squid-debuginfo-3.1.10-1.el6.i686.rpm

- Scientific Linux Development Team