[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200501261544.NAA07317@frajuto.distro.conectiva>
Date: Wed, 26 Jan 2005 13:44:16 -0200
From: Conectiva Updates <secure@...ectiva.com.br>
To: conectiva-updates@...aleguas.conectiva.com.br, lwn@....net,
bugtraq@...urityfocus.com, security-alerts@...uxsecurity.com,
linsec@...ts.seifried.org
Subject: [CLA-2005:923] Conectiva Security Announcement - squid
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : squid
SUMMARY : Fixes for squid vulnerabilities
DATE : 2005-01-26 13:41:00
ID : CLA-2005:923
RELEVANT
RELEASES : 9, 10
- -------------------------------------------------------------------------
DESCRIPTION
Squid[1] is a full-featured web proxy cache.
This announcement adds the following patches to Squid:
1.Empty ACLs[2]
The meaning of the access controls becomes somewhat confusing if
any of the referenced acls is declared empty, without any members.
2.Fakeauth_auth[3]
The NTLM fakeauth_auth helper has a memory leak that may cause it
to run out of memory under high load, or if it runs for a very long
time. Additionally, a malformed NTLM type 3 message could cause a
segmentation violation.
3.LDAP spaces[4]
LDAP is very forgiving about spaces in search filters and this
could be abused to log in using several variants of the login name,
possibly bypassing explicit access controls or confusing accounting
4.Non blocking disk[5]
O_NONBLOCK on disk files is not is not standardized, and results
may be unexpected. Linux now starts to add O_NONBLOCK support on disk
files but the implementation is not complete yet and this bites
Squid.
5.Gopher html parsing[6]
A malicious gopher server may return a response with very long
lines that cause a buffer overflow in Squid.
6.WCCP denial of service[7]
WCCP_I_SEE_YOU messages contain a 'number of caches' field which
should be between 1 and 32. Values outside that range may crash Squid
if WCCP is enabled, and if an attacker can spoof UDP packets with the
WCCP router's IP address.
7.SNMP core dump[8]
If certain malformed SNMP request is received Squid restarts with a
Segmentation Fault error.
Aditionally, this announcement increases the Squid's initscript
timeout for waiting it to stop from 10 seconds to 35 seconds,
avoiding problems with stuck connections.
SOLUTION
It is recommended that all squid users upgrade to the latest
packages. This update will automatically restart the service if it is
already running.
REFERENCES
1.http://squid.nlanr.net/
2.http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls
3.http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth
4.http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces
5.http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-non_blocking_disk
6.http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-gopher_html_parsing
7.http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_denial_of_service
8.http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-SNMP_core_dump
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/squid-2.5.5-63116U10_6cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-2.5.5-63116U10_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-auth-2.5.5-63116U10_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-extra-templates-2.5.5-63116U10_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/squid-2.5.5-25761U90_9cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-2.5.5-25761U90_9cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-auth-2.5.5-25761U90_9cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-extra-templates-2.5.5-25761U90_9cl.i386.rpm
ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions regarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- -------------------------------------------------------------------------
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com
- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@...aleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@...aleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQFB97rO42jd0JmAcZARAqCWAJ4zZ3bYMYqrbbmwxOaP1oVCg3W6tACg3k6U
sQB1t8gIRJ1koYueHBDxxKU=
=aVJr
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists