[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050506110140.GD17617@piware.de>
Date: Fri, 6 May 2005 13:01:40 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-122-1] Squid vulnerability
===========================================================
Ubuntu Security Notice USN-122-1 May 06, 2005
squid vulnerability
CAN-2005-1345
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
squid
The problem can be corrected by upgrading the affected package to
version 2.5.5-6ubuntu0.8 (for Ubuntu 4.10), or 2.5.8-3ubuntu1.1 (for
Ubuntu 5.04). In general, a standard system upgrade is sufficient to
effect the necessary changes.
Details follow:
Michael Bhola discovered that errors in the http_access configuration,
in particular missing or invalid ACLs, did not cause a fatal error.
This could lead to wider access permissions than intended by the
administrator.
Updated packages for Ubuntu 4.10 (Warty Warthog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.8.diff.gz
Size/MD5: 276757 7b26eb2a184679022f464b63e291d19b
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.8.dsc
Size/MD5: 652 4da37d1c615d54797cc2028d849105ab
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5.orig.tar.gz
Size/MD5: 1363967 6c7f3175b5fa04ab5ee68ce752e7b500
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5-6ubuntu0.8_all.deb
Size/MD5: 190936 91e6cd46663089e064b6fb42ace96ac9
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.8_amd64.deb
Size/MD5: 90378 e9015fbc3c1254c6c2f5bc8ac56efce2
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.8_amd64.deb
Size/MD5: 813128 634d42a1725cfc923e35ea8119ffe3d0
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.8_amd64.deb
Size/MD5: 71736 fbae0529e868d4134d0ee115ff6638b9
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.8_i386.deb
Size/MD5: 88894 85ec877e990f28574de50c2c63e5f4a4
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.8_i386.deb
Size/MD5: 729090 baed31142f50ab158b623f529611f859
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.8_i386.deb
Size/MD5: 70454 3231efcaf0b8df6e613f25ec5b9346ab
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.8_powerpc.deb
Size/MD5: 89812 c73f36d8e893f983bf232356706dcc76
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.8_powerpc.deb
Size/MD5: 796794 1db8a06b33cac36bbc3a629f8a7a3c80
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.8_powerpc.deb
Size/MD5: 71226 7af865a03317a5a931c4809d9707d3d4
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.1.diff.gz
Size/MD5: 298580 d806b5e84ae924135a6a34b44c1133a5
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.1.dsc
Size/MD5: 663 a38a9f433f5823817c26026ce84560c5
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8.orig.tar.gz
Size/MD5: 1383756 bbc1e77bd175462732fe5f0d822fd160
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.8-3ubuntu1.1_all.deb
Size/MD5: 194406 304fe5aae35b6afd0979a9e44637e176
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.1_amd64.deb
Size/MD5: 92780 4b4f9585274c29628aa225ad840cec48
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.1_amd64.deb
Size/MD5: 821112 c6a2a4efe7b9fa6bc14958034368fca0
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.1_amd64.deb
Size/MD5: 75330 6d94993c5922a51d97b7756e025e81bf
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.1_i386.deb
Size/MD5: 91166 6e36aa5eed03be943c4f1d5ecb4b54dc
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.1_i386.deb
Size/MD5: 739882 1c7b570053e84764736c4f4734efa197
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.1_i386.deb
Size/MD5: 73944 7ad8129917311c54a31e6179a152217f
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.1_powerpc.deb
Size/MD5: 92264 e034c75cf11777603c273f57566d1eaf
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.1_powerpc.deb
Size/MD5: 809094 c50c0f96eca1fcb05232147749a3336a
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.1_powerpc.deb
Size/MD5: 74794 a05d17bdd0d44a4bcdcbf8e61a1bddda
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists