USN-19-1: squid vulnerabilities
Posted on: 11/06/2004 09:44 PM

A Squid security update has been released for Ubuntu Linux

Ubuntu Security Notice USN-19-1 November 06, 2004
squid vulnerabilities
CAN-2004-0832, CAN-2004-0918

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:


The problem can be corrected by upgrading the affected package to version 2.5.5-6ubuntu0.2. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Recently, two Denial of Service vulnerabilities have been discovered in squid, a WWW proxy cache. Insufficient input validation in the NTLM authentication handler allowed a remote attacker to crash the service by sending a specially crafted NTLMSSP packet. Likewise, due to an insufficient validation of ASN.1 headers, a remote attacker could restart the server (causing all open connections to be dropped) by sending certain SNMP packets with negative length fields.

Source archives:
Size/MD5: 259904 dafa303b7dbaba6d94cdb6219bf2608f
Size/MD5: 652 e2fb6fe3b776af4b2a84bf2103a41386
Size/MD5: 1363967 6c7f3175b5fa04ab5ee68ce752e7b500

Architecture independent packages:
Size/MD5: 184630 a2ad407c6e371287fc6061d9a1295c83

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
Size/MD5: 89084 c83f32e9c4b9253107046b3c8626a7a6
Size/MD5: 810780 19c62c0e6581a194c4b61d7ff3988de1
Size/MD5: 70420 fbd6e6d34c9e0834b497f4c8d8f565d2

i386 architecture (x86 compatible Intel/AMD)
Size/MD5: 87604 25c3fe52bd106d8867e388185f131911
Size/MD5: 725978 79f5c89b1e0e5cbaa9b96efbc55b5e49
Size/MD5: 69154 04818e3a50390c2f26cfa1fddbbba7ec

powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 88536 5fc818c479164f8192a7dd8ffe490143
Size/MD5: 793294 7dd44b476aa14a7c5462a948d1bbf593
Size/MD5: 69908 b79a85411417cda463932a656a6c8ff5

Printed from Linux Compatible (