[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050308110626.GA3137@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-93-1] Squid vulnerability
===========================================================
Ubuntu Security Notice USN-93-1 March 08, 2005
squid vulnerability
CAN-2005-0626
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
squid
The problem can be corrected by upgrading the affected package to
version 2.5.5-6ubuntu0.6. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
A race condition was discovered in the handling of "Set-Cookie"
headers. If the obsolete Netscape recommendation was used for handling
cookies in the cache, it was possible for an attacker to steal the
cookies of other users.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.6.diff.gz
Size/MD5: 274718 c9d8eb20819948c3d59705745730e88e
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.6.dsc
Size/MD5: 652 6e6f281efb48e36c75016b159e19f050
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5.orig.tar.gz
Size/MD5: 1363967 6c7f3175b5fa04ab5ee68ce752e7b500
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5-6ubuntu0.6_all.deb
Size/MD5: 190704 eff315816c0f840e3857af0ec8e2d213
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.6_amd64.deb
Size/MD5: 90084 0ffd6d6a57b8a20859239eb0469b913c
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.6_amd64.deb
Size/MD5: 812874 29194c51fdbb055aea7c0a913f49d972
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.6_amd64.deb
Size/MD5: 71438 f4551b3d077723a432a32dbbd1208504
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.6_i386.deb
Size/MD5: 88616 c02beab64129afa343022eb0a47c03fb
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.6_i386.deb
Size/MD5: 728856 3ccd8846f2b807c94a499e6b53daceba
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.6_i386.deb
Size/MD5: 70172 8d12341a1f50936da07358b66d0ebf6a
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.6_powerpc.deb
Size/MD5: 89514 9cb43b1cd9fd17c1d21664b73cbd21c0
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.6_powerpc.deb
Size/MD5: 796326 c9036ad491d500cfe4ed4494c537ff26
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.6_powerpc.deb
Size/MD5: 70928 636dac5028b9475b03260b1800a37e5c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050308/72647f66/attachment.bin
Powered by blists - more mailing lists