Message-ID: <1266334476.2719.17.camel@mdlinux.technorage.com>
Date: Tue, 16 Feb 2010 10:34:36 -0500
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-901-1] Squid vulnerabilities
===========================================================
Ubuntu Security Notice USN-901-1 February 16, 2010
squid vulnerabilities
CVE-2009-2855, CVE-2010-0308
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  squid 2.5.12-4ubuntu2.5

Ubuntu 8.04 LTS:
  squid 2.6.18-1ubuntu3.1

Ubuntu 8.10:
  squid 2.7.STABLE3-1ubuntu2.2

Ubuntu 9.04:
  squid 2.7.STABLE3-4.1ubuntu1.1

Ubuntu 9.10:
  squid 2.7.STABLE6-2ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Squid incorrectly handled certain auth headers. A
remote attacker could exploit this with a specially-crafted auth header
and cause Squid to go into an infinite loop, resulting in a denial of
service. This issue only affected Ubuntu 8.10, 9.04 and 9.10.
(CVE-2009-2855)

It was discovered that Squid incorrectly handled certain DNS packets. A
remote attacker could exploit this with a specially-crafted DNS packet
and cause Squid to crash, resulting in a denial of service. (CVE-2010-0308)