lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <m1ELDMU-000oepC@finlandia.Infodrom.North.DE>
Date: Fri Sep 30 06:27:27 2005
From: joey at infodrom.org (Martin Schulze)
Subject: [SECURITY] [DSA 828-1] New squid packages fix
	denial of service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 828-1                     security@...ian.org
http://www.debian.org/security/                             Martin Schulze
September 30th, 2005                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : squid
Vulnerability  : authentication handling
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2917

Upstream developers of squid, the popular WWW proxy cache, have
discovered that changes in the authentication scheme are not handled
properly when given certain request sequences while NTLM
authentication is in place, which may cause the daemon to restart.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 2.5.9-10sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 2.5.10-6.

We recommend that you upgrade your squid packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2.dsc
      Size/MD5 checksum:      659 2392074c3f5bbafac714a0efe3f5413b
    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2.diff.gz
      Size/MD5 checksum:   343578 5b33f1d886a388f5b5e13adf6f8cba36
    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9.orig.tar.gz
      Size/MD5 checksum:  1384772 7290aa52ade1b5d5d3812e9089be13a9

  Architecture independent components:

    http://security.debian.org/pool/updates/main/s/squid/squid-common_2.5.9-10sarge2_all.deb
      Size/MD5 checksum:   195092 380110271211412fec2a319dd55fabe5

  Alpha architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_alpha.deb
      Size/MD5 checksum:   943132 eb3fed6cf6e3014a3793a2c692d1a93d
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_alpha.deb
      Size/MD5 checksum:   100092 c224ea4c569b7857c7b396de2216df92
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_alpha.deb
      Size/MD5 checksum:    78174 7ed6d005ceef0d2d475ae3489c72ba82

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_amd64.deb
      Size/MD5 checksum:   822522 b0c83496fdcfd0950235ee3d423b96a5
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_amd64.deb
      Size/MD5 checksum:    98280 3351bd411a92695183de96d000f8b856
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_amd64.deb
      Size/MD5 checksum:    76288 4452d3e5b62676aa76daf2b07a158887

  ARM architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_arm.deb
      Size/MD5 checksum:   783270 9a7085ed176606fdf1b46e267a3fd437
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_arm.deb
      Size/MD5 checksum:    95822 7937e80db8f517e45fd5a85dc73ed205
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_arm.deb
      Size/MD5 checksum:    75242 4248b0cf821444aa575d6d8650ae1c4e

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_i386.deb
      Size/MD5 checksum:   767558 524c210937dd208f2dde7e400290060b
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_i386.deb
      Size/MD5 checksum:    96890 e6a39d2018725412fa6142b2622f9712
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_i386.deb
      Size/MD5 checksum:    75360 249ca7fb34dfefec019c7a7cc79ee8aa

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_ia64.deb
      Size/MD5 checksum:  1074060 be6aff976b6e7fffcae8b701ea608583
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_ia64.deb
      Size/MD5 checksum:   103614 332575bcf0a0c8137d7c3cbf9e768f76
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_ia64.deb
      Size/MD5 checksum:    80686 6357f553a55dc3b27c9f69dd2840765c

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_hppa.deb
      Size/MD5 checksum:   849592 af5a9a87759ac93cd52bddff4ad0b46f
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_hppa.deb
      Size/MD5 checksum:    98076 a9509a1c205d88c5fa071a7de874c671
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_hppa.deb
      Size/MD5 checksum:    77666 60e20ba927030b8713c5d057eae4d928

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_m68k.deb
      Size/MD5 checksum:   705606 1742d32fc772f1dc5e765f492ef6b6c4
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_m68k.deb
      Size/MD5 checksum:    95102 5b803c73e45ea2e47afe2729c573b305
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_m68k.deb
      Size/MD5 checksum:    74588 74db688bbd0a2e5dc63fa7eb1bb1e84f

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_mips.deb
      Size/MD5 checksum:   880286 57abb8cb6e105d6c288b65ea14f240c5
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_mips.deb
      Size/MD5 checksum:    97596 079a2d1377ecc0cc72bb8258953a3de0
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_mips.deb
      Size/MD5 checksum:    76784 e795094f66e38ef0852d5d12566db04e

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_mipsel.deb
      Size/MD5 checksum:   883008 1e3ed4efc7ee2e02afb264b217d1e578
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_mipsel.deb
      Size/MD5 checksum:    97670 9619665e833fd5579ca609cf403072cf
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_mipsel.deb
      Size/MD5 checksum:    76884 a147494ae53e333ec10bcbb7bfed9fd0

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_powerpc.deb
      Size/MD5 checksum:   817704 d723f8c63f9ece32a4e3c6ced55af7d5
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_powerpc.deb
      Size/MD5 checksum:    96798 df6dfd74b399bf4f38ac7b2cfd848b75
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_powerpc.deb
      Size/MD5 checksum:    75938 1ab64c11452cfc36f597f49a423377c3

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_s390.deb
      Size/MD5 checksum:   816160 2a6605a8e65f4fa7035f1a9771139a9a
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_s390.deb
      Size/MD5 checksum:    97178 ebbef048a05df68823ae4d614004937e
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_s390.deb
      Size/MD5 checksum:    76598 ef92c29c34d0637d8c833427477cf866

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_sparc.deb
      Size/MD5 checksum:   773748 9327db7709ccb329f7c83270037ea229
    http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_sparc.deb
      Size/MD5 checksum:    95968 9ba038513e069f6e96d41cf3068daa3c
    http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_sparc.deb
      Size/MD5 checksum:    75618 12254a07f2b7b7a461e8370743da5721


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDPMu9W5ql+IAeqTIRAoiAAJ9fxgBxsBLqNf91HLvADl8sDPn1hwCfcnUx
4UL5rjylWEZN3Af4OYM6boM=
=raQK
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ