lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050506110140.GD17617@piware.de>
Date: Fri, 6 May 2005 13:01:40 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-122-1] Squid vulnerability

===========================================================
Ubuntu Security Notice USN-122-1	       May 06, 2005
squid vulnerability
CAN-2005-1345
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

squid

The problem can be corrected by upgrading the affected package to
version 2.5.5-6ubuntu0.8 (for Ubuntu 4.10), or 2.5.8-3ubuntu1.1 (for
Ubuntu 5.04). In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Michael Bhola discovered that errors in the http_access configuration,
in particular missing or invalid ACLs, did not cause a fatal error.
This could lead to wider access permissions than intended by the
administrator.

Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.8.diff.gz
      Size/MD5:   276757 7b26eb2a184679022f464b63e291d19b
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.8.dsc
      Size/MD5:      652 4da37d1c615d54797cc2028d849105ab
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5.orig.tar.gz
      Size/MD5:  1363967 6c7f3175b5fa04ab5ee68ce752e7b500

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5-6ubuntu0.8_all.deb
      Size/MD5:   190936 91e6cd46663089e064b6fb42ace96ac9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.8_amd64.deb
      Size/MD5:    90378 e9015fbc3c1254c6c2f5bc8ac56efce2
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.8_amd64.deb
      Size/MD5:   813128 634d42a1725cfc923e35ea8119ffe3d0
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.8_amd64.deb
      Size/MD5:    71736 fbae0529e868d4134d0ee115ff6638b9

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.8_i386.deb
      Size/MD5:    88894 85ec877e990f28574de50c2c63e5f4a4
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.8_i386.deb
      Size/MD5:   729090 baed31142f50ab158b623f529611f859
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.8_i386.deb
      Size/MD5:    70454 3231efcaf0b8df6e613f25ec5b9346ab

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.8_powerpc.deb
      Size/MD5:    89812 c73f36d8e893f983bf232356706dcc76
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.8_powerpc.deb
      Size/MD5:   796794 1db8a06b33cac36bbc3a629f8a7a3c80
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.8_powerpc.deb
      Size/MD5:    71226 7af865a03317a5a931c4809d9707d3d4

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.1.diff.gz
      Size/MD5:   298580 d806b5e84ae924135a6a34b44c1133a5
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.1.dsc
      Size/MD5:      663 a38a9f433f5823817c26026ce84560c5
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8.orig.tar.gz
      Size/MD5:  1383756 bbc1e77bd175462732fe5f0d822fd160

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.8-3ubuntu1.1_all.deb
      Size/MD5:   194406 304fe5aae35b6afd0979a9e44637e176

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.1_amd64.deb
      Size/MD5:    92780 4b4f9585274c29628aa225ad840cec48
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.1_amd64.deb
      Size/MD5:   821112 c6a2a4efe7b9fa6bc14958034368fca0
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.1_amd64.deb
      Size/MD5:    75330 6d94993c5922a51d97b7756e025e81bf

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.1_i386.deb
      Size/MD5:    91166 6e36aa5eed03be943c4f1d5ecb4b54dc
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.1_i386.deb
      Size/MD5:   739882 1c7b570053e84764736c4f4734efa197
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.1_i386.deb
      Size/MD5:    73944 7ad8129917311c54a31e6179a152217f

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.1_powerpc.deb
      Size/MD5:    92264 e034c75cf11777603c273f57566d1eaf
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.1_powerpc.deb
      Size/MD5:   809094 c50c0f96eca1fcb05232147749a3336a
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.1_powerpc.deb
      Size/MD5:    74794 a05d17bdd0d44a4bcdcbf8e61a1bddda

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ