Prev-20 Home Next-20 10 msg possible samba security problem 3 msg DSA policy change? (posting stopped to full-dis... 3 msg auth log 1 msg Re: [SECURITY] [DSA 660-1] New kdebase packages... 1 msg ABSENT 1 msg [CS #49926] AutoReply: [SECURITY] [DSA 648-1] N... 1 msg Tripwire checks of '/var' 1 msg Ik ben op vakantie. 2 msg Rkhunter : old or patched 3 msg SELinux in debian/sarge 1 msg plz. recommand best anti-spam sites and books. 1 msg Re: [all:14463] [SECURITY] [DSA 652-1] New unar... 2 msg Christian Hörlle/TSB-Bln ist außer Haus / is ou... 2 msg PAM account, auth, password, session source cod... 4 msg Loop-AES help 2 msg Thread 1 msg Fredo Strüber/HV/Maritim ist außer Haus. 2 msg Spamassassin slowdown? Re: [SECURITY] [DSA 651-1] New squid packages f... \ Flemming S. Boller (20 Jan 2005) 1 msg Stefan Markowitz ist außer Haus. Prev-20 Home Next-20

Prev-Msg Prev-Thread Debian-security Jan-2005 Next-Thread Next-Msg Subject: Re: [SECURITY] [DSA 651-1] New squid packages fix denial of service Group: Debian-security From: Flemming S. Boller Date: 20 Jan 2005 277181 39 Martin Schulze wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >- -------------------------------------------------------------------------- >Debian Security Advisory DSA 651-1 security >http://www.debian.org/security/ Martin Schulze >January 20th, 2005 http://www.debian.org/security/faq >- -------------------------------------------------------------------------- > >Package : squid >Vulnerability : buffer overflow, integer overflow >Problem-Type : remote >Debian-specific: no >CVE ID : CAN-2005-0094 CAN-2005-0095 > >Several vulnerabilities have been discovered in Squid, the internet >object cache, the popular WWW proxy cache. The Common Vulnerabilities >and Exposures Project identifies the following vulnerabilities: > >CAN-2005-0094 > > "infamous41md" discovered a buffer overflow in the parser for > Gopher responses which will lead to memory corruption and usually > crash Squid. > >CAN-2005-0095 > > "infamous41md" discovered an integer overflow in the receiver of > WCCP (Web Cache Communication Protocol) messages. An attacker > could send a specially crafted UDP datagram that will cause Squid > to crash. > >For the stable distribution (woody) these problems have been fixed in >version 2.4.6-2woody5. > >For the unstable distribution (sid) these problems have been fixed in >version 2.5.7-4. > >We recommend that you upgrade your squid package. > > >Upgrade Instructions >- -------------------- > >wget url > will fetch the file for you >dpkg -i file.deb > will install the referenced file. > >If you are using the apt-get package manager, use the line for >sources.list as given below: > >apt-get update > will update the internal database >apt-get upgrade > will install corrected packages > >You may use an automated update by adding the resources from the >footer to the proper configuration. > > >Debian GNU/Linux 3.0 alias woody >- -------------------------------- > > Source archives: > > http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5.dsc > Size/MD5 checksum: 612 69bd41324bb88cc4a76fcacba1f6cb9b > http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5.diff.gz > Size/MD5 checksum: 227846 52f6d82e486f23dba4240260dc64ea57 > http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz > Size/MD5 checksum: 1081920 59ce2c58da189626d77e27b9702ca228 > > Alpha architecture: > > http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_alpha.d eb > Size/MD5 checksum: 814804 684a7a602a7dce53d3e2d5ea526cdfeb > http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_alp ha.deb > Size/MD5 checksum: 75340 061412b8ca998b1ae5a7c576eac51425 > http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_a lpha.deb > Size/MD5 checksum: 60094 8ecf3345226d4023c661cb5950929d5c > > ARM architecture: > > http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_arm.deb > Size/MD5 checksum: 725286 b9103ba40dfcc47200b971a0ad123bb9 > http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_arm .deb > Size/MD5 checksum: 73116 fe083c2e4e65e0bcff82b42c292f9c69 > http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_a rm.deb > Size/MD5 checksum: 58444 225728ea1d83a4f999cbcd1cbc918471 > > Intel IA-32 architecture: > > http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_i386.de b > Size/MD5 checksum: 684376 bd4f50309316282ffdf9012e6a051349 > http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_i38 6.deb > Size/MD5 checksum: 72850 f0f790e828a53ae94406c68d8c386ac7 > http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_i 386.deb > Size/MD5 checksum: 58014 9f2e5d189aa0df9d01d47c6870ca25f9 > > Intel IA-64 architecture: > > http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_ia64.de b > Size/MD5 checksum: 953366 146cb3cfadbb09b473289462fcb85c4e > http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_ia6 4.deb > Size/MD5 checksum: 79224 6a83889272e28d86602d86358929196b > http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_i a64.deb > Size/MD5 checksum: 62766 6b48ca53c8bc2f0972a1b4653d04fa54 > > HP Precision architecture: > > http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_hppa.de b > Size/MD5 checksum: 779204 684c9f7e7b7bd4abda5eda0890974951 > http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_hpp a.deb > Size/MD5 checksum: 74562 861f28d3d058c56d620ce557b488780f > http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_h ppa.deb > Size/MD5 checksum: 59574 16d03b269cb3d067cd6129b9bf1eccdc > > Motorola 680x0 architecture: > > http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_m68k.de b > Size/MD5 checksum: 665532 da4701e4506c91a7297ebe41314d88cd > http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_m68 k.deb > Size/MD5 checksum: 72460 3ad96b1dc107bbaafd67592f8477bab4 > http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_m 68k.deb > Size/MD5 checksum: 57678 0202dafa52ea24eb34c3d477459ad287 > > Big endian MIPS architecture: > > http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_mips.de b > Size/MD5 checksum: 764854 c97c148f54c9d80e9d3d6c127894813b > http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_mip s.deb > Size/MD5 checksum: 74028 d49e9634ed353d8b713f4d80de731b61 > http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_m ips.deb > Size/MD5 checksum: 58730 762b4bb651f8531208db4cd941a06560 > > Little endian MIPS architecture: > > http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_mipsel. deb > Size/MD5 checksum: 764702 d134fdcf4916a521147f94837e2e544e > http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_mip sel.deb > Size/MD5 checksum: 74118 9bdfc6bc5e7f752df213cdffb197f877 > http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_m ipsel.deb > Size/MD5 checksum: 58838 edc757de19a59274fcb2a3d32791dcc0 > > PowerPC architecture: > > http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_powerpc .deb > Size/MD5 checksum: 722068 9c18747e4a7e6b15c05ab547efc59993 > http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_pow erpc.deb > Size/MD5 checksum: 73100 7af618b2b8b1e225af2631a07da615d8 > http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_p owerpc.deb > Size/MD5 checksum: 58322 23f79cf266df794a375ba75b2a973026 > > IBM S/390 architecture: > > http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_s390.de b > Size/MD5 checksum: 711584 f750ce9dd12460574b2c69031d3933bf > http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_s39 0.deb > Size/MD5 checksum: 73442 e9a485219baaec097b7d432ba4ea8a26 > http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_s 390.deb > Size/MD5 checksum: 58876 4ab64ae10b353e69facfcc59fa6fa0ab > > Sun Sparc architecture: > > http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_sparc.d eb > Size/MD5 checksum: 724314 d4af1a337ee603d7b1039f132996b0bf > http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_spa rc.deb > Size/MD5 checksum: 75728 9974f32b84edb4969c9216742e9c9f73 > http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_s parc.deb > Size/MD5 checksum: 60762 a7aad73eabef840dd648ef058dc852d5 > > > These files will probably be moved into the stable distribution on > its next update. > >- -------------------------------------------------------------------------------- - >For apt-get: deb http://security.debian.org/ stable/updates main >For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main >Mailing list: debian-security-announce >Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.2.5 (GNU/Linux) > >iD8DBQFB7+UcW5ql+IAeqTIRAo+aAJwKdAQ/YxftQ5ERX3Du8dM3T364KQCfcSQH >blvaz7fbg6rkM9Hj0TopuLM= >=Kbp2 >-----END PGP SIGNATURE----- > > > > -- To UNSUBSCRIBE, email to debian-security-REQUEST with a subject of "unsubscribe". Trouble? Contact listmaster Prev-Msg Prev-Thread Debian-security Jan-2005 Next-Thread Next-Msg

© 2004-2008 readlist.com