USN-93-1: Squid vulnerability
Posted on: 03/08/2005 06:37 AM

A Squid security update is available for Ubuntu Linux 4.10

Ubuntu Security Notice USN-93-1 March 08, 2005
squid vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:


The problem can be corrected by upgrading the affected package to version 2.5.5-6ubuntu0.6. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A race condition was discovered in the handling of "Set-Cookie" headers. If the obsolete Netscape recommendation was used for handling cookies in the cache, it was possible for an attacker to steal the cookies of other users.

Source archives:
Size/MD5: 274718 c9d8eb20819948c3d59705745730e88e
Size/MD5: 652 6e6f281efb48e36c75016b159e19f050
Size/MD5: 1363967 6c7f3175b5fa04ab5ee68ce752e7b500

Architecture independent packages:
Size/MD5: 190704 eff315816c0f840e3857af0ec8e2d213

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
Size/MD5: 90084 0ffd6d6a57b8a20859239eb0469b913c
Size/MD5: 812874 29194c51fdbb055aea7c0a913f49d972
Size/MD5: 71438 f4551b3d077723a432a32dbbd1208504

i386 architecture (x86 compatible Intel/AMD)
Size/MD5: 88616 c02beab64129afa343022eb0a47c03fb
Size/MD5: 728856 3ccd8846f2b807c94a499e6b53daceba
Size/MD5: 70172 8d12341a1f50936da07358b66d0ebf6a

powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 89514 9cb43b1cd9fd17c1d21664b73cbd21c0
Size/MD5: 796326 c9036ad491d500cfe4ed4494c537ff26
Size/MD5: 70928 636dac5028b9475b03260b1800a37e5c

Printed from Linux Compatible (