Message-ID: <20070326192757.GR22797@outflux.net>
Date: Mon, 26 Mar 2007 12:27:57 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-441-1] Squid vulnerability

=========================================================== 
Ubuntu Security Notice USN-441-1             March 26, 2007
squid vulnerability
CVE-2007-1560
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.10:
  squid-common                             2.6.1-3ubuntu1.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A flaw was discovered in Squid's handling of the TRACE request method 
which could lead to a crash.  Remote attackers with access to the Squid 
server could send malicious TRACE requests, and cause a denial of 
service.


Updated packages for Ubuntu 6.10:

