[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050913121913.GB18201@piware.de>
Date: Tue Sep 13 13:19:23 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-183-1] Squid vulnerabilities
===========================================================
Ubuntu Security Notice USN-183-1 September 13, 2005
squid vulnerabilities
CAN-2005-2794, CAN-2005-2796
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
squid
The problem can be corrected by upgrading the affected package to
version 2.5.5-6ubuntu0.10 (for Ubuntu 4.10), or 2.5.8-3ubuntu1.3 (for
Ubuntu 5.04). In general, a standard system upgrade is sufficient to
effect the necessary changes.
Details follow:
A Denial of Service vulnerability was discovered in the handling of
aborted requests. A remote attacker could exploit this to crash Squid
by sending specially crafted requests. (CAN-2005-2794)
Alex Masterov discovered a Denial of Service vulnerability in the
sslConnectTimeout() function. By sending specially crafted SSL
requests, a remote attacker could exploit this to crash Squid.
(CAN-2005-2796)
Updated packages for Ubuntu 4.10 (Warty Warthog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.10.diff.gz
Size/MD5: 284164 ce36b166233fd9946e920556da79e75d
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.10.dsc
Size/MD5: 654 017d00f58a7841262bfb2d8f50cb6e0f
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5.orig.tar.gz
Size/MD5: 1363967 6c7f3175b5fa04ab5ee68ce752e7b500
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5-6ubuntu0.10_all.deb
Size/MD5: 191164 3c039b5284111aab880c85a156824de2
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.10_amd64.deb
Size/MD5: 90580 0b771b5715aa2b0386ffa3c096a8f93d
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.10_amd64.deb
Size/MD5: 813428 57c34e10d0d60d2c2cbe2f4832b35e11
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.10_amd64.deb
Size/MD5: 71952 7fc28a868b31217d05c5fbaf4beeb460
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.10_i386.deb
Size/MD5: 89128 91c225387b4f141a2ffb6ac5aa7bdc44
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.10_i386.deb
Size/MD5: 729584 243212826e7070e0e4c91438a3eb4b25
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.10_i386.deb
Size/MD5: 70684 5bf0595d913dcf59ad3d1bf91d634141
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.10_powerpc.deb
Size/MD5: 90030 01eff0abb64ea07877973e3ba0aaa241
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.10_powerpc.deb
Size/MD5: 797224 98721335e9dfbf0cbf9fc785ddfc918e
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.10_powerpc.deb
Size/MD5: 71452 307bf9ea3680f2dafb4501b39a7ff581
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.3.diff.gz
Size/MD5: 306456 f4121964e610d1462339a4c5517dd168
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.3.dsc
Size/MD5: 663 1fbc7e73c20464df34ce77369986130a
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8.orig.tar.gz
Size/MD5: 1383756 bbc1e77bd175462732fe5f0d822fd160
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.8-3ubuntu1.3_all.deb
Size/MD5: 194590 51d2c86df4e26e240b3b3e97e2876234
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.3_amd64.deb
Size/MD5: 93060 903ebc9e9dffb8718ec074167cc60445
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.3_amd64.deb
Size/MD5: 821568 2f65cf838894a289b516d861a62d1c9e
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.3_amd64.deb
Size/MD5: 75580 a6e0d25ea07969cb2d7e0ab81d720a41
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.3_i386.deb
Size/MD5: 91424 f57249b108bfa604c1b22986d3eaf273
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.3_i386.deb
Size/MD5: 740114 d63e0265114b95cfe607fced33dbef3f
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.3_i386.deb
Size/MD5: 74212 64c7f03a9087565ac5358190513de478
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.3_powerpc.deb
Size/MD5: 92528 81dc6239162152b2653a9b486f2d0661
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.3_powerpc.deb
Size/MD5: 809396 4165d247aff96a5f9ba5d8efec5cfde9
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.3_powerpc.deb
Size/MD5: 75066 ae63d91495a62335cf050f0377f9509f
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050913/34603fa5/attachment.bin
Powered by blists - more mailing lists