lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050913121913.GB18201@piware.de>
Date: Tue Sep 13 13:19:23 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-183-1] Squid vulnerabilities

===========================================================
Ubuntu Security Notice USN-183-1	 September 13, 2005
squid vulnerabilities
CAN-2005-2794, CAN-2005-2796
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

squid

The problem can be corrected by upgrading the affected package to
version 2.5.5-6ubuntu0.10 (for Ubuntu 4.10), or 2.5.8-3ubuntu1.3 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

A Denial of Service vulnerability was discovered in the handling of
aborted requests. A remote attacker could exploit this to crash Squid
by sending specially crafted requests. (CAN-2005-2794)

Alex Masterov discovered a Denial of Service vulnerability in the
sslConnectTimeout() function. By sending specially crafted SSL
requests, a remote attacker could exploit this to crash Squid.
(CAN-2005-2796)

Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.10.diff.gz
      Size/MD5:   284164 ce36b166233fd9946e920556da79e75d
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.10.dsc
      Size/MD5:      654 017d00f58a7841262bfb2d8f50cb6e0f
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5.orig.tar.gz
      Size/MD5:  1363967 6c7f3175b5fa04ab5ee68ce752e7b500

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5-6ubuntu0.10_all.deb
      Size/MD5:   191164 3c039b5284111aab880c85a156824de2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.10_amd64.deb
      Size/MD5:    90580 0b771b5715aa2b0386ffa3c096a8f93d
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.10_amd64.deb
      Size/MD5:   813428 57c34e10d0d60d2c2cbe2f4832b35e11
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.10_amd64.deb
      Size/MD5:    71952 7fc28a868b31217d05c5fbaf4beeb460

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.10_i386.deb
      Size/MD5:    89128 91c225387b4f141a2ffb6ac5aa7bdc44
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.10_i386.deb
      Size/MD5:   729584 243212826e7070e0e4c91438a3eb4b25
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.10_i386.deb
      Size/MD5:    70684 5bf0595d913dcf59ad3d1bf91d634141

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.10_powerpc.deb
      Size/MD5:    90030 01eff0abb64ea07877973e3ba0aaa241
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.10_powerpc.deb
      Size/MD5:   797224 98721335e9dfbf0cbf9fc785ddfc918e
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.10_powerpc.deb
      Size/MD5:    71452 307bf9ea3680f2dafb4501b39a7ff581

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.3.diff.gz
      Size/MD5:   306456 f4121964e610d1462339a4c5517dd168
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.3.dsc
      Size/MD5:      663 1fbc7e73c20464df34ce77369986130a
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8.orig.tar.gz
      Size/MD5:  1383756 bbc1e77bd175462732fe5f0d822fd160

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.8-3ubuntu1.3_all.deb
      Size/MD5:   194590 51d2c86df4e26e240b3b3e97e2876234

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.3_amd64.deb
      Size/MD5:    93060 903ebc9e9dffb8718ec074167cc60445
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.3_amd64.deb
      Size/MD5:   821568 2f65cf838894a289b516d861a62d1c9e
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.3_amd64.deb
      Size/MD5:    75580 a6e0d25ea07969cb2d7e0ab81d720a41

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.3_i386.deb
      Size/MD5:    91424 f57249b108bfa604c1b22986d3eaf273
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.3_i386.deb
      Size/MD5:   740114 d63e0265114b95cfe607fced33dbef3f
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.3_i386.deb
      Size/MD5:    74212 64c7f03a9087565ac5358190513de478

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.3_powerpc.deb
      Size/MD5:    92528 81dc6239162152b2653a9b486f2d0661
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.3_powerpc.deb
      Size/MD5:   809396 4165d247aff96a5f9ba5d8efec5cfde9
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.3_powerpc.deb
      Size/MD5:    75066 ae63d91495a62335cf050f0377f9509f
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050913/34603fa5/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ