Mandriva Linux Security Advisory 2009-293

Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to emergency mode.

Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL.

squidGuard was upgraded to 1.2.1 for MNF2/CS3/CS4, with additional upstream security and bug fix patches applied. This update fixes these vulnerabilities.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/82438/MDVSA-2009-293.txt
Source: https://packetstormsecurity.com/files/82438/Mandriva-Linux-Security-Advisory-2009-293.html

