USN-122-1: Squid vulnerability

USN-122-1: Squid vulnerability
Posted on: 05/06/2005 08:07 AM

Squid security updates are available for Ubuntu Linux 4.10 and 5.04

==========================================================
Ubuntu Security Notice USN-122-1 May 06, 2005
squid vulnerability
CAN-2005-1345
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

squid

The problem can be corrected by upgrading the affected package to version 2.5.5-6ubuntu0.8 (for Ubuntu 4.10), or 2.5.8-3ubuntu1.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Michael Bhola discovered that errors in the http_access configuration, in particular missing or invalid ACLs, did not cause a fatal error. This could lead to wider access permissions than intended by the administrator.

Updated packages for Ubuntu 4.10 (Warty Warthog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.8.diff.gz
Size/MD5: 276757 7b26eb2a184679022f464b63e291d19b
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.8.dsc
Size/MD5: 652 4da37d1c615d54797cc2028d849105ab
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5.orig.tar.gz
Size/MD5: 1363967 6c7f3175b5fa04ab5ee68ce752e7b500

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5-6ubuntu0.8_all.deb
Size/MD5: 190936 91e6cd46663089e064b6fb42ace96ac9

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.8_amd64.deb
Size/MD5: 90378 e9015fbc3c1254c6c2f5bc8ac56efce2
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.8_amd64.deb
Size/MD5: 813128 634d42a1725cfc923e35ea8119ffe3d0
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.8_amd64.deb
Size/MD5: 71736 fbae0529e868d4134d0ee115ff6638b9

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.8_i386.deb
Size/MD5: 88894 85ec877e990f28574de50c2c63e5f4a4
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.8_i386.deb
Size/MD5: 729090 baed31142f50ab158b623f529611f859
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.8_i386.deb
Size/MD5: 70454 3231efcaf0b8df6e613f25ec5b9346ab

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.8_powerpc.deb
Size/MD5: 89812 c73f36d8e893f983bf232356706dcc76
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.8_powerpc.deb
Size/MD5: 796794 1db8a06b33cac36bbc3a629f8a7a3c80
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.8_powerpc.deb
Size/MD5: 71226 7af865a03317a5a931c4809d9707d3d4

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.1.diff.gz
Size/MD5: 298580 d806b5e84ae924135a6a34b44c1133a5
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.1.dsc
Size/MD5: 663 a38a9f433f5823817c26026ce84560c5
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8.orig.tar.gz
Size/MD5: 1383756 bbc1e77bd175462732fe5f0d822fd160

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.8-3ubuntu1.1_all.deb
Size/MD5: 194406 304fe5aae35b6afd0979a9e44637e176

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.1_amd64.deb
Size/MD5: 92780 4b4f9585274c29628aa225ad840cec48
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.1_amd64.deb
Size/MD5: 821112 c6a2a4efe7b9fa6bc14958034368fca0
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.1_amd64.deb
Size/MD5: 75330 6d94993c5922a51d97b7756e025e81bf

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.1_i386.deb
Size/MD5: 91166 6e36aa5eed03be943c4f1d5ecb4b54dc
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.1_i386.deb
Size/MD5: 739882 1c7b570053e84764736c4f4734efa197
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.1_i386.deb
Size/MD5: 73944 7ad8129917311c54a31e6179a152217f

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.8-3ubuntu1.1_powerpc.deb
Size/MD5: 92264 e034c75cf11777603c273f57566d1eaf
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubuntu1.1_powerpc.deb
Size/MD5: 809094 c50c0f96eca1fcb05232147749a3336a
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.8-3ubuntu1.1_powerpc.deb
Size/MD5: 74794 a05d17bdd0d44a4bcdcbf8e61a1bddda

Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_122_1_squid_vulnerability.html)