lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041106185142.GA3994@box79162.elkhouse.de>
Date: Sat, 6 Nov 2004 19:51:42 +0100
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: [USN-19-1] squid vulnerabilities

===========================================================
Ubuntu Security Notice USN-19-1		  November 06, 2004
squid vulnerabilities
CAN-2004-0832, CAN-2004-0918
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

squid

The problem can be corrected by upgrading the affected package to
version 2.5.5-6ubuntu0.2.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Recently, two Denial of Service vulnerabilities have been discovered
in squid, a WWW proxy cache. Insufficient input validation in the NTLM
authentication handler allowed a remote attacker to crash the service
by sending a specially crafted NTLMSSP packet. Likewise, due to an
insufficient validation of ASN.1 headers, a remote attacker could
restart the server (causing all open connections to be dropped) by
sending certain SNMP packets with negative length fields.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.2.diff.gz
      Size/MD5:   259904 dafa303b7dbaba6d94cdb6219bf2608f
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.2.dsc
      Size/MD5:      652 e2fb6fe3b776af4b2a84bf2103a41386
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5.orig.tar.gz
      Size/MD5:  1363967 6c7f3175b5fa04ab5ee68ce752e7b500

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5-6ubuntu0.2_all.deb
      Size/MD5:   184630 a2ad407c6e371287fc6061d9a1295c83

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.2_amd64.deb
      Size/MD5:    89084 c83f32e9c4b9253107046b3c8626a7a6
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.2_amd64.deb
      Size/MD5:   810780 19c62c0e6581a194c4b61d7ff3988de1
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.2_amd64.deb
      Size/MD5:    70420 fbd6e6d34c9e0834b497f4c8d8f565d2

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.2_i386.deb
      Size/MD5:    87604 25c3fe52bd106d8867e388185f131911
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.2_i386.deb
      Size/MD5:   725978 79f5c89b1e0e5cbaa9b96efbc55b5e49
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.2_i386.deb
      Size/MD5:    69154 04818e3a50390c2f26cfa1fddbbba7ec

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.2_powerpc.deb
      Size/MD5:    88536 5fc818c479164f8192a7dd8ffe490143
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.2_powerpc.deb
      Size/MD5:   793294 7dd44b476aa14a7c5462a948d1bbf593
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.2_powerpc.deb
      Size/MD5:    69908 b79a85411417cda463932a656a6c8ff5

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ