http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
Monthly Archives: February 2016
CVE-2016-2572
http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
Release for CentOS Linux 7 Rolling media Feb 2016
I am pleased to announce general availability of the Feb 2016 snapshot for CentOS Linux. This release includes CentOS Linux 7 iso based install media, Generic Cloud images, Atomic Host, Docker containers, Vagrant images, vendor hosted cloud images. This release set is tag'd 1602.
CentOS Linux rolling builds are point in time snapshot media rebuild from original release time, to include all updates pushed to mirror.centos.org's repositories. This includes all security, bugfix, enhancement and general updates for CentOS Linux. Machines installed from this media will have all these updates pre-included and will look no different when compared with machines installed with older media that have been yum updated to the same point in time.
All rpm/yum repos remain on mirror.centos.org with no changes in either layout or content.
--------
CentOS Linux 7 / x86_64 install media is available at http://buildlogs.centos.org/rolling/7/isos/x86_64/
File: CentOS-7-x86_64-Minimal-1602-01.iso
Sha: 741a28e3d42c40ded2e42b83eda4d8d09137b36ceef584753b94abd298d4dfed
File: CentOS-7-x86_64-Everything-1602-01.iso
Sha: 6cc79d3f3183318d0089cb04dbfd97418ff009f6fb01bce4849289ede96df45d
File: CentOS-7-x86_64-DVD-1602-01.iso
Sha: 34120f3bc02e1edd6d5b19516876c8456a1300de4b98da79fb0a7d444d1df3d8
--------
CentOS Linux 7 / x86_64 Cloud Images are available at : http://cloud.centos.org/centos/7/images/
File: CentOS-7-x86_64-GenericCloud-1602.qcow2
Sha: 1b777fa1ea2b2cf0be7ed6ecce54ef18ece5c6551fb291549b887e33b78d7c78
File: CentOS-7-x86_64-GenericCloud-1602.qcow2c
Sha: bc0f51d9376001f8973595b71105b9d53c8c27b3e0969676aab2ab036cc4d835
File: CentOS-7-x86_64-GenericCloud-1602.qcow2.xz
Sha: dd0f5e610e7c5ffacaca35ed7a78a19142a588f4543da77b61c1fb0d74400471
File: CentOS-7-x86_64-GenericCloud-1602.raw.tar.gz
Sha: f4e679eef79af695bd8f2cb32d37fa93c7cb4644eb79f689bde6bd86100e4af5
--------
CentOS Atomic Host was released earlier, details for the release are available at : https://lists.centos.org/pipermail/centos-devel/2016-February/014446.html
--------
CentOS Linux 6 and 7 AMIs have been updated as well, as follows:
CentOS Linux 6 : https://aws.amazon.com/marketplace/pp/B00NQAYLWO/
CentOS Linux 7 : https://aws.amazon.com/marketplace/pp/B00O7WM7QW/
These images are also now enabled across all Amazon EC2 regions, and available on all HVM instance types. This includes the Amazon AWS free tier.
--------
CentOS Linux 7 / x86_64 Vagrant images are updated at https://vagrantcloud.com/centos/boxes/7 and the backing files can be downloaded for libvirt and virtualbox providers at :
Libvirt: http://cloud.centos.org/centos/7/vagrant/x86_64/images/CentOS-7-x86_64-Vagrant-1602_02.LibVirt.box
Virtualbox: http://cloud.centos.org/centos/7/vagrant/x86_64/images/CentOS-7-x86_64-Vagrant-1602_02.VirtualBox.box
--------
CentOS Linux 5 / 6 and 7 docker images are updated at http://index.docker.io/_/centos
--------
We welcome all feedback around these rolling builds and media updates at the centos-devel mailing list ( http://lists.centos.org/ ).
enjoy!
--
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc
DSA-3494 cacti – security update
Two SQL injection vulnerabilities were discovered in cacti, a web
interface for graphing of monitoring systems. Specially crafted input
can be used by an attacker in parameters of the graphs_new.php script to
execute arbitrary SQL commands on the database.
GLSA 201602-03: libwmf: Multiple vulnerabilities
Centreon 2.5.3 Code Execution
Centreon versions 2.5.3 and below suffer from a remote code execution vulnerability.
25 days offline: I’m not insane (yet) – Part III
Keeping my mind occupied without the Internet is not that difficult… but you need to learn how to live in this situation.
Day 15. About 10 days to go… I have a lot of time and no worries. You should test this offline vacation idea for yourself. I’m reading Fiódor Dostoiévski much faster than when I need to read and answer a lot of emails and messages. Thanks for your comments in the blog (if any), and I hope I’m not being criticized that much in our social media channels.
Day 16-18. The sun is in the sky! What a wonderful time to be in Chile enjoying the country, the museums, the monuments, the beaches and the fields. I’m pretty confident I’ll make it, but you never know. My only online moments are to share these experiences with you. I’m lucky it’s not a harder challenge: Vacationing from all technology. That would be hard. With the ‘Internet of Things’ all round, this type of personal experience could be harder and harder in the future.
Day 19. Alive! Man, I’ve learned a lot of Spanish as I need to keep talking with anyone around me. By talking to people, instead of reading about it online, I’m connected to the world, understanding what is going on, how things are done here in this foreign country. I’m learning a lot and also resting and enjoying life a lot.
Day 20. The computer started doing weird things: The time has changed (of course, this is not that good, old CMOS battery!), and two paid apps were not recognized and locked access to themselves. I might be offline, but my apps want to phone home!
Day 21-22. I’ve noticed (in a friend’s phone) the first two parts of this article were published. Thanks! Although, by this time, no comments at all… Even my forum friends do not seem to talk that much. Maybe what I am doing is not that special?
Tomorrow I’ll send some new pictures for Deborah to publish in this last part.
Day 23-24. It’s time to restore the computer conditions so I can have Internet again. That means, in my case, restore the automatic online backup services, startup items, some Windows services I’ve got disabled and, of course, Avast Antivirus. Restarting the computer will prepare it for connection tomorrow (I hope).
Day 25. Wo0h00! New life! My computer has been connected again. Wow! A new Avast Antivirus version. I was shocked when I discovered that only 3 of my Windows applications were updated, compared to more than 30 in my smartphone. Man, the world is turning mobile, no doubt. After I update my Windows to Insider Preview 14271 version released some days ago it will be time to read about what I missed and, perhaps, write another blog article.
Thanks for supporting me in this (weird) offline experience. It’s good to be connected again.