| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu Apr 14 10:30:05 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-111-1] Squid vulnerability
===========================================================
Ubuntu Security Notice USN-111-1 April 14, 2005
squid vulnerability
CAN-2005-0718
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
squid
The problem can be corrected by upgrading the affected package to
version 2.5.5-6ubuntu0.7. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
A remote Denial of Service vulnerability has been discovered in Squid.
If the remote end aborted the connection during a PUT or POST request,
Squid tried to free an already freed part of memory, which eventually
caused the server to crash.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7.diff.gz
Size/MD5: 275491 d294a0441d7e2de0da9341eace2c7e73
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7.dsc
Size/MD5: 652 1816d94b51dc62c5377504600fe84b91
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5.orig.tar.gz
Size/MD5: 1363967 6c7f3175b5fa04ab5ee68ce752e7b500
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5-6ubuntu0.7_all.deb
Size/MD5: 190750 ff6a2988ea2399fcaa916ae5c39323e1
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.7_amd64.deb
Size/MD5: 90162 64c8782355756f2dc21a2a4bd405f512
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7_amd64.deb
Size/MD5: 812954 b2d4e53f212ce58fd33e650dd2b5014a
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.7_amd64.deb
Size/MD5: 71526 1ce2d80bda1f61c56b1541fd3eda4e77
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.7_i386.deb
Size/MD5: 88692 67b6ed2744f38d3e0033445f7ddd30e2
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7_i386.deb
Size/MD5: 728956 0383caf202387afd18855a77f7a349a0
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.7_i386.deb
Size/MD5: 70260 5765c384fdaa1bb4c172f5bb2ecf2bc8
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.7_powerpc.deb
Size/MD5: 89612 7c28105327bf3fc664d4a679e231625f
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7_powerpc.deb
Size/MD5: 796392 70e394cace6837edc6643ddd33916d45
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.7_powerpc.deb
Size/MD5: 71030 edc5b5f6f79e958bb701ba4f4fb9c19d
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050414/d59fa032/attachment.bin
Powered by blists - more mailing lists