USN-111-1: Squid vulnerability

USN-111-1: Squid vulnerability
Posted on: 04/14/2005 06:21 AM

A Squid security update is available for Ubuntu Linux 4.10

==========================================================
Ubuntu Security Notice USN-111-1 April 14, 2005
squid vulnerability
CAN-2005-0718
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

squid

The problem can be corrected by upgrading the affected package to version 2.5.5-6ubuntu0.7. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A remote Denial of Service vulnerability has been discovered in Squid. If the remote end aborted the connection during a PUT or POST request, Squid tried to free an already freed part of memory, which eventually caused the server to crash.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7.diff.gz
Size/MD5: 275491 d294a0441d7e2de0da9341eace2c7e73
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7.dsc
Size/MD5: 652 1816d94b51dc62c5377504600fe84b91
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5.orig.tar.gz
Size/MD5: 1363967 6c7f3175b5fa04ab5ee68ce752e7b500

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5-6ubuntu0.7_all.deb
Size/MD5: 190750 ff6a2988ea2399fcaa916ae5c39323e1

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.7_amd64.deb
Size/MD5: 90162 64c8782355756f2dc21a2a4bd405f512
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7_amd64.deb
Size/MD5: 812954 b2d4e53f212ce58fd33e650dd2b5014a
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.7_amd64.deb
Size/MD5: 71526 1ce2d80bda1f61c56b1541fd3eda4e77

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.7_i386.deb
Size/MD5: 88692 67b6ed2744f38d3e0033445f7ddd30e2
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7_i386.deb
Size/MD5: 728956 0383caf202387afd18855a77f7a349a0
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.7_i386.deb
Size/MD5: 70260 5765c384fdaa1bb4c172f5bb2ecf2bc8

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.7_powerpc.deb
Size/MD5: 89612 7c28105327bf3fc664d4a679e231625f
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7_powerpc.deb
Size/MD5: 796392 70e394cace6837edc6643ddd33916d45
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.7_powerpc.deb
Size/MD5: 71030 edc5b5f6f79e958bb701ba4f4fb9c19d

Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_111_1_squid_vulnerability.html)