Posted: Wed Mar 12, 2008 7:26 pm Post subject: [ GLSA 200803-21 ] Sarg: Remote execution of arbitrary code
Gentoo Linux Security Advisory
Title: Sarg: Remote execution of arbitrary code (GLSA 200803-21)
Date: March 12, 2008
Bug(s): #212208, #212731
Sarg is vulnerable to the execution of arbitrary code when processing untrusted input files.
Sarg (Squid Analysis Report Generator) is a tool that provides a wide range of information about the activities of Squid web proxy server users: time, sites, traffic, etc.
Vulnerable: < 2.2.5
Unaffected: >= 2.2.5
Architectures: All supported architectures
Sarg doesn't properly check its input for abnormal content when processing Squid log files.
There is no known workaround at this time.
All sarg users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/sarg-2.2.5"
Last edited by GLSA on Sat Nov 01, 2008 4:23 am; edited 2 times in total