Full Disclosure mailing list archives
[USN-183-1] Squid vulnerabilities
From: Martin Pitt <martin.pitt () canonical com>
Date: Tue, 13 Sep 2005 14:19:13 +0200
=========================================================== Ubuntu Security Notice USN-183-1 September 13, 2005 squid vulnerabilities CAN-2005-2794, CAN-2005-2796 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: squid The problem can be corrected by upgrading the affected package to version 2.5.5-6ubuntu0.10 (for Ubuntu 4.10), or 2.5.8-3ubuntu1.3 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A Denial of Service vulnerability was discovered in the handling of aborted requests. A remote attacker could exploit this to crash Squid by sending specially crafted requests. (CAN-2005-2794) Alex Masterov discovered a Denial of Service vulnerability in the sslConnectTimeout() function. By sending specially crafted SSL requests, a remote attacker could exploit this to crash Squid. (CAN-2005-2796) Updated packages for Ubuntu 4.10 (Warty Warthog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.10.diff.gz Size/MD5: 284164 ce36b166233fd9946e920556da79e75d http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.10.dsc Size/MD5: 654 017d00f58a7841262bfb2d8f50cb6e0f http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5.orig.tar.gz Size/MD5: 1363967 6c7f3175b5fa04ab5ee68ce752e7b500 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5-6ubuntu0.10_all.deb Size/MD5: 191164 3c039b5284111aab880c85a156824de2 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.10_amd64.deb Size/MD5: 90580 0b771b5715aa2b0386ffa3c096a8f93d http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.10_amd64.deb Size/MD5: 813428 57c34e10d0d60d2c2cbe2f4832b35e11 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.10_amd64.deb Size/MD5: 71952 7fc28a868b31217d05c5fbaf4beeb460 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.10_i386.deb Size/MD5: 89128 91c225387b4f141a2ffb6ac5aa7bdc44 http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.10_i386.deb Size/MD5: 729584 243212826e7070e0e4c91438a3eb4b25 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.10_i386.deb Size/MD5: 70684 5bf0595d913dcf59ad3d1bf91d634141 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.10_powerpc.deb Size/MD5: 90030 01eff0abb64ea07877973e3ba0aaa241 http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.10_powerpc.deb Size/MD5: 797224 98721335e9dfbf0cbf9fc785ddfc918e http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.10_powerpc.deb Size/MD5: 71452 307bf9ea3680f2dafb4501b39a7ff581 Updated packages for Ubuntu 5.04 (Hoary Hedgehog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.3.diff.gz Size/MD5: 306456 f4121964e610d1462339a4c5517dd168 http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.3.dsc Size/MD5: 663 1fbc7e73c20464df34ce77369986130a http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8.orig.tar.gz Size/MD5: 1383756 bbc1e77bd175462732fe5f0d822fd160 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.8-3ubuntu1.3_all.deb Size/MD5: 194590 51d2c86df4e26e240b3b3e97e2876234 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.3_amd64.deb Size/MD5: 93060 903ebc9e9dffb8718ec074167cc60445 http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.3_amd64.deb Size/MD5: 821568 2f65cf838894a289b516d861a62d1c9e http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.3_amd64.deb Size/MD5: 75580 a6e0d25ea07969cb2d7e0ab81d720a41 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.3_i386.deb Size/MD5: 91424 f57249b108bfa604c1b22986d3eaf273 http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.3_i386.deb Size/MD5: 740114 d63e0265114b95cfe607fced33dbef3f http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.3_i386.deb Size/MD5: 74212 64c7f03a9087565ac5358190513de478 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.3_powerpc.deb Size/MD5: 92528 81dc6239162152b2653a9b486f2d0661 http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.3_powerpc.deb Size/MD5: 809396 4165d247aff96a5f9ba5d8efec5cfde9 http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.3_powerpc.deb Size/MD5: 75066 ae63d91495a62335cf050f0377f9509f
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [USN-183-1] Squid vulnerabilities Martin Pitt (Sep 13)